Is DigitalOcean's console access safe? Can I disable it?

Hello, all

The web console is intended to access your droplet in a case of emergency in order to sort out the issue. Most users manage their DigitalOcean Droplets using SSH, PuTTY, or a control panel they’ve installed themselves. However, changes to your network or service configuration files could leave you unable to log in remotely using these methods.

The Droplet console provides out-of-band access and is available regardless of your network settings. It emulates the access you would have if you were sitting down with a keyboard and monitor attached to the actual server. You can use this feature to log in and revert bad settings to regain normal access.

I will highly recommend to use a ssh-client in order to access and manage your droplet.

You can also check our docs on How to Connect to Droplets with SSH:

https://www.digitalocean.com/docs/droplets/how-to/connect-with-ssh/

There are two options at the bottom of the doc: Connect with OpenSSH and Connect with PuTTY

Hope that this helps! Regards, Alex

I know this is over a year old, but I wanted to leave this here if you or some other future Googler finds it useful.

Someone recently-ish gained access to my saved passwords in Google and was thus able to access my DigitalOcean account, reset my root password, and login via the console.

As a result I decided to implement this: https://github.com/shitchell/response-test

It detects if the login session is coming from a physical TTY (which the online console appears to be), and if so, presents a customizable challenge phrase/response (glorified second password). If they get it wrong, they’re dropped into a pseudo shell that mimics /bin/sh but with broken commands so that it appears not that they’ve been locked out, but that the system is just horribly broken.