Is it possible to create droplet without the ability to restore root access from the panel?

September 21, 2015 867 views
Applications Security DigitalOcean

Here is my situation.

I have chosen DigitalOcean to host server software that I have created and want to set up their servers but block their ability to log in via root (so they can't just log in to grab the files). I like the idea of the SSH keys, but in the console there is a restore root access function. Is there any solution to basically just retain root access myself via an SSH key and not allow them to restore the root access? Basically they would just be able to destroy or create an image of the server.

2 comments
  • From my little experience with DigitalOcean: There is currently no option (especially if they have access to log in to the DigitalOcean dashboard). You can create another Droplet under your own account and create a user account for them. That way only you will get access to the admin / root and the rest of the users will be normal users.


1 Answer

This question was answered by @ryanpq:

A droplet that is created with an SSH key for authentication will not have a root password set and the password reset tool in the control panel should not be able to create one. So you could:

1.) Add an SSH key to your DO account
2.) Create your droplet with that key
3.) Delete the key from your DO account (This will remove it from the control panel but not your droplet)

Now this droplet will be inaccessible via SSH without the key and the web console will not be usable because there is no root password set.

I would recommend testing this option, as I have not tested this method in the use case you describe, but by being the only person with the SSH key for the droplet you should be set. If the user you are setting this up for has control panel access, they will still be able to take some destructive actions or gain access via some roundabout methods:

1.) They could power off or reboot the droplet
2.) They could create a snapshot image and deploy a new droplet from it (or rebuild the current one from the snapshot) to gain access to the files.
3.) They could open a support ticket and request the Recovery ISO, which when mounted will allow them to gain access.

The more perfect option would be to implement your own limited control panel functionality using the API and providing your user with the limited access you want them to have.

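The limited control panel suggested in the answer could start from a gate like the one below. This is an added example, not part of the original answer and not DigitalOcean's code: the customer name, droplet IDs and function names are constructed, and it assumes the DigitalOcean API v2 droplet actions endpoint with the API token held only on the server that runs the gate.

```python
"""Least-privilege gate in front of the DigitalOcean API v2 droplet actions
endpoint. Customer names and droplet IDs below are constructed samples."""
import json
import urllib.request

API = "https://api.digitalocean.com/v2"

# Actions the customer may trigger. Deliberately absent: password_reset,
# snapshot, rebuild and restore, the routes to root or to the files on disk.
ALLOWED_ACTIONS = {"power_on", "power_off", "shutdown", "reboot", "power_cycle"}

# Constructed sample mapping: customer -> droplet IDs they may operate on.
CUSTOMER_DROPLETS = {"acme": {1001, 1002}}


class Denied(Exception):
    """Raised when a request falls outside the customer's allowed scope."""


def build_action_request(customer, droplet_id, action, token):
    """Return a urllib Request for an allowed action, or raise Denied.

    The API token stays on the server running this gate; the customer never
    receives it and never gets a DigitalOcean control panel login.
    """
    # Membership in a set of integers also rejects strings and path tricks.
    if droplet_id not in CUSTOMER_DROPLETS.get(customer, set()):
        raise Denied(f"droplet {droplet_id!r} is not assigned to {customer!r}")
    if action not in ALLOWED_ACTIONS:
        raise Denied(f"action {action!r} is not permitted")
    return urllib.request.Request(
        f"{API}/droplets/{droplet_id}/actions",
        data=json.dumps({"type": action}).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def perform(customer, droplet_id, action, token, send=urllib.request.urlopen):
    """Check policy, then send; `send` is injectable so tests run offline."""
    req = build_action_request(customer, droplet_id, action, token)
    with send(req) as resp:
        return json.load(resp)
```
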
