Related

RSA fingerprint doesn't match Question Question
VNC Console access with no password set Question Question

Question

Is DigitalOcean's console access safe? Can I disable it?

Posted February 9, 2018 2.1k views
UbuntuSecurityDigitalOcean

After successfully setting up SSH Key Authentication and disabling password access to my server, I can still log in as either ‘newuser’ or root using DigitalOcean’s console access. Is this normal? It seems very risky.

Add a comment
jattas
By:
jattas
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
jonleibowitz February 9, 2018

The console of your droplet is the virtual server equivalent of being directly attached to the server’s physical keyboard and monitor ports - it is not an SSH interface.

This tutorial describes its use:

https://www.digitalocean.com/community/tutorials/how-to-use-the-digitalocean-console-to-access-your-droplet

Reply Report
shitchell March 22, 2019

I know this is over a year old, but I wanted to leave this here if you or some other future Googler finds it useful.

Someone recently-ish gained access to my saved passwords in Google and was thus able to access my DigitalOcean account, reset my root password, and login via the console.

As a result I decided to implement this: https://github.com/shitchell/response-test

It detects if the login session is coming from a physical TTY (which the online console appears to be), and if so, presents a customizable challenge phrase/response (glorified second password). If they get it wrong, they’re dropped into a pseudo shell that mimics /bin/sh but with broken commands so that it appears not that they’ve been locked out, but that the system is just horribly broken.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help