Is that possible that a developer have access to my droplet directly without being added as a member by me on my DO Management console

January 22, 2016 2.8k views
Linux Commands Linux Basics DigitalOcean Configuration Management
Cedcaf39e2fbb334e9cc19a6881f2d5efbeafbf9
By:
Viceagle

Is that possible that a developer have access to my droplet directly without being added as a member by me on my DO Management console ??

I actually trusting the developer enough to give him the username and password of my DigitalOcean management account, which has triggered the two factor authentication token number . I gave him that token and he gained a complete access to my DigitalOcean management console.

By doing that I assumed that the developer went and created a user account but surprisingly I discovered that he didn't add himself as a member on my Digital Ocean management account.

Now this is the VERY Important Question:-

1) How did he do that and how can I stop him from accessing the droplet ?

Log In to Comment
2 Answers
BeanJr January 22, 2016

From what I am able to tell, you should change your password, revoke his SSH keys and lock his account using the "usermod" command with a -L flag. Better yet, use "userdel" to completely delete his account from your droplet's system.

Does this answer your question?

Reply
  • Viceagle January 22, 2016

    Which password should I change? Do you meen the password for the account or the root password and username of the droplet itself or BOTH ???

    I do NOT know if he has created SSH keys or NOT and I did NOT create any username for him and I can NOT see on my account console any username was created by him.

    He told me that he got direct connection to the server = droplet is that possible and if yes how can I revoke it?

ddulic January 22, 2016

As I understand it, you know how if he did anything to the droplet it self, but you want to disconnect him from the DO Dashboard. I don't think they let us drop logged in instances (like lets say facebook does).

I would recommend you contact support ASAP and ask them if they can help you.
As for the droplet, I would recommend restoring it to an old backup/snapshot after support has helped you, just in case.

Reply
  • Viceagle January 22, 2016

    ddulic Digitalocean support team doesn't provide ANY SUPPORT. ONLY Digital Ocean Youtube channel https://www.youtube.com/user/DigitalOceanVideos

    and the articles available on Digital Ocean website and THIS community section we are using NOW.

    He is not connected to my dashboard DO you understand my point BUT somehow he was saying that he is connected directly to the server do you understand ???

    • ddulic January 22, 2016

      Restore to a previous backup/snapshot if possible.
      If not, reboot the droplet (this will drop any active ssh connection), change the password for all users and check for newly added users and remove them.
      After that reboot once again.

      • Viceagle January 22, 2016

        Hi DDulic

        Can you help me please ? Do you have a skype so you can show me in few minutes how to do all that. I will be grateful if you can assist me in few minutes

        Thank you again, what is your skype ID ?

        Cheers

        • BeanJr January 23, 2016

          Well if you don't know how to restore to an earlier backup/snapshot then you clearly never set up any to begin with. I could however be wrong about that.

          It's best you change your passwords on your DO account and droplet. Also check the /home directory of your server because most new users would have made themselves a home folder too.

          Other than that you should really consider contacting support.

        • ddulic January 23, 2016

          Drop me a mail from the contact form from dulic.me/about
          I am only available for 8h more hours today, so hurry up.

Have another answer? Share your knowledge.

Related Questions