Power up with new SaaS Add-Ons from the DigitalOcean Marketplace

Related

Does DigitalOcean preserve snapshots of deleted droplets?
Question
Installing PHP-FPM with Apache2 on Ubuntu 12.10
Question

Question

root password login only from control panel

Hi,

I know that the best way is to have ssh key authentication but the problem is that sometimes we lose the keys and then the only way is to have root access again to generate new keys etc. Is it possible to disable any root/user password login from remote but only allow it from the control panel?

Thanks,

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

alexdoSeptember 20, 2021

Hello all,

You can always use the DigitalOcean console as per Jason’s reply. If you happen to lose your ssh-keys you can use the console in order to temporary enable the root user and enable PasswordAuthentication in order to use an ssh-client and upload your new ssh-key.

You can enable PasswordAuthentication for your Droplet by modifying your /etc/ssh/sshd_config file. Once set to Yes restart the SSH service and connect via an SSH client for a more stable connection. You can then modify your ~/.ssh/authorized_keys file to add the appropriate public key.

This change can be made from DigitalOcean’s console. If you’re having issues accessing the console you can then reach to our amazing support team that can help you further with this.

To enable the PasswordAuthentication follow these steps:

  1. Login to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file
  4. Open a terminal on your computer and type ssh username@[hostname or IP address] or if on a Windows box use PuTTY for password login making sure authentication parameters aren’t pointing to a private key
  5. Login with a password
  6. Type sudo nano ~/.ssh/authorized_keys
  7. Paste public key text here and save the file
  8. Type sudo nano /etc/ssh/sshd_config
  9. Change PasswordAuthentication from “yes” to “no” and save the file
  10. Log out and attempt to log back in (if using PuTTY make sure you set up auth parameters to point to your private key)

You can then upload the key using this command:

ssh-copy-id -i ~/.ssh/mykey user@droplet

Hope that this helps! Regards, Alex

Jason ColyerFebruary 24, 2016

What you can do is have the root user only authenticate using SSH keys. Since the SSH settings do not impact the Web Console, you can even disable the root user and still be able to use the DigitalOcean Web Console to login to your droplet in case something were to happen to your keys.

To make it so only SSH keys authenticate, have your /etc/ssh/sshd_config file have this line in it:

PasswordAuthentication no

To disable the root user completely, have your /etc/ssh/sshd_config file have this line in it:

PermitRootLogin no

Remember to have these changes take effect, you need to restart your SSH service.

Hope it helps, Jason Colyer DigitalOcean Platform Support Lead

Join the DigitalOcean CommunityProduct

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner

Related

Does DigitalOcean preserve snapshots of deleted droplets?
Question
Installing PHP-FPM with Apache2 on Ubuntu 12.10
Question
Join the DigitalOcean CommunityProduct

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner