Question

Is that possible that a developer have access to my droplet directly without being added as a member by me on my DO Management console

Is that possible that a developer have access to my droplet directly without being added as a member by me on my DO Management console ??

I actually trusting the developer enough to give him the username and password of my DigitalOcean management account, which has triggered the two factor authentication token number . I gave him that token and he gained a complete access to my DigitalOcean management console.

By doing that I assumed that the developer went and created a user account but surprisingly I discovered that he didn’t add himself as a member on my Digital Ocean management account.

Now this is the VERY Important Question:-

  1. How did he do that and how can I stop him from accessing the droplet ?
Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

As I understand it, you know how if he did anything to the droplet it self, but you want to disconnect him from the DO Dashboard. I don’t think they let us drop logged in instances (like lets say facebook does).

I would recommend you contact support ASAP and ask them if they can help you. As for the droplet, I would recommend restoring it to an old backup/snapshot after support has helped you, just in case.

From what I am able to tell, you should change your password, revoke his SSH keys and lock his account using the “usermod” command with a -L flag. Better yet, use “userdel” to completely delete his account from your droplet’s system.

Does this answer your question?