Question
Is that possible that a developer have access to my droplet directly without being added as a member by me on my DO Management console
- Posted January 22, 2016
- Linux CommandsLinux BasicsDigitalOceanConfiguration Management
Is that possible that a developer have access to my droplet directly without being added as a member by me on my DO Management console ??
I actually trusting the developer enough to give him the username and password of my DigitalOcean management account, which has triggered the two factor authentication token number . I gave him that token and he gained a complete access to my DigitalOcean management console.
By doing that I assumed that the developer went and created a user account but surprisingly I discovered that he didn’t add himself as a member on my Digital Ocean management account.
Now this is the VERY Important Question:-
- How did he do that and how can I stop him from accessing the droplet ?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
As I understand it, you know how if he did anything to the droplet it self, but you want to disconnect him from the DO Dashboard. I don’t think they let us drop logged in instances (like lets say facebook does).
I would recommend you contact support ASAP and ask them if they can help you. As for the droplet, I would recommend restoring it to an old backup/snapshot after support has helped you, just in case.
From what I am able to tell, you should change your password, revoke his SSH keys and lock his account using the “usermod” command with a -L flag. Better yet, use “userdel” to completely delete his account from your droplet’s system.
Does this answer your question?