Is it possible that a developer has access to my droplet directly without being added as a member by me on my DO Management console

January 22, 2016
Linux Commands Linux Basics DigitalOcean Configuration Management

Is it possible that a developer has access to my droplet directly without being added as a member by me on my DO Management console?

I actually trusted the developer enough to give him the username and password of my DigitalOcean management account, which triggered the two-factor authentication token number. I gave him that token and he gained complete access to my DigitalOcean management console.

By doing that I assumed that the developer went and created a user account but surprisingly I discovered that he didn't add himself as a member on my Digital Ocean management account.

Now this is the VERY Important Question:-

1) How did he do that and how can I stop him from accessing the droplet?

2 Answers

From what I am able to tell, you should change your password, revoke his SSH keys and lock his account using the "usermod" command with a -L flag. Better yet, use "userdel" to completely delete his account from your droplet's system.

Does this answer your question?

  • Which password should I change? Do you mean the password for the account or the root password and username of the droplet itself or BOTH?

    I do NOT know if he has created SSH keys or NOT and I did NOT create any username for him and I can NOT see on my account console any username was created by him.

    He told me that he got a direct connection to the server (= droplet). Is that possible, and if yes, how can I revoke it?

As I understand it, you know how if he did anything to the droplet itself, but you want to disconnect him from the DO Dashboard. I don't think they let us drop logged-in instances (like, let's say, Facebook does).

I would recommend you contact support ASAP and ask them if they can help you.
As for the droplet, I would recommend restoring it to an old backup/snapshot after support has helped you, just in case.

  • ddulic, the DigitalOcean support team doesn't provide ANY SUPPORT. ONLY the Digital Ocean YouTube channel https://www.youtube.com/user/DigitalOceanVideos and the articles available on the Digital Ocean website and THIS community section we are using NOW.

    He is not connected to my dashboard. DO you understand my point? BUT somehow he was saying that he is connected directly to the server, do you understand?

    • Restore to a previous backup/snapshot if possible.
      If not, reboot the droplet (this will drop any active ssh connection), change the password for all users and check for newly added users and remove them.
      After that reboot once again.

      • Hi DDulic

        Can you help me please? Do you have Skype so you can show me in a few minutes how to do all that? I will be grateful if you can assist me in a few minutes.

        Thank you again, what is your Skype ID?


        • Well if you don't know how to restore to an earlier backup/snapshot then you clearly never set up any to begin with. I could however be wrong about that.

          It's best you change your passwords on your DO account and droplet. Also check the /home directory of your server because most new users would have made themselves a home folder too.

          Other than that you should really consider contacting support.

        • Drop me a mail from the contact form from dulic.me/about
          I am only available for 8 more hours today, so hurry up.
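
The checks suggested in the answers above (look for newly added users, SSH keys, and new folders under /home), collected into one script as an added example that is not from the original thread. The `PASSWD_FILE` and `HOME_ROOT` overrides and the `audit` argument are assumptions added so it can also be run against constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): list the ways someone could still log in.
# PASSWD_FILE and HOME_ROOT are assumed overrides so the audit can run on sample data.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
HOME_ROOT="${HOME_ROOT:-}"

# Accounts whose shell is not nologin/false, i.e. that can open a session.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$PASSWD_FILE"
}

# Any UID 0 account other than root is a second superuser.
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$PASSWD_FILE"
}

# Per account: number of public keys in ~/.ssh/authorized_keys and the file path.
authorized_key_counts() {
    awk -F: '{ print $1 ":" $6 }' "$PASSWD_FILE" | while IFS=: read -r user home; do
        f="$HOME_ROOT$home/.ssh/authorized_keys"
        [ -f "$f" ] || continue
        # Count lines that are neither blank nor comments.
        n=$(grep -cvE '^[[:space:]]*(#|$)' "$f" || true)
        echo "$user $n $f"
    done
}

# Directories under /home that belong to no current account.
orphan_homes() {
    for d in "$HOME_ROOT"/home/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        awk -F: -v u="$name" '$1 == u { ok = 1 } END { exit !ok }' "$PASSWD_FILE" \
            || echo "$name"
    done
}

# Run as root with the argument "audit" to print the full report.
if [ "${1:-}" = "audit" ]; then
    echo "Login-capable accounts:";  login_accounts
    echo "Extra UID 0 accounts:";    extra_root_accounts
    echo "authorized_keys files:";   authorized_key_counts
    echo "Unowned home directories:"; orphan_homes
fi
```

Locking a password with usermod -L does not remove entries from authorized_keys, so any key listed for an account you did not expect should be removed as well.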
