Question

Securing a droplet - noob questions

I’m trying to secure a droplet. Is there a way to only allow console access via the DO website?

I tend not to use my own local SSH client. I just use SFTP to directly access files and execute them via the console. My main concern is that, currently, I’m only using password authentication and I haven’t generated key pairs.

In short, I want to disable remote SSH access, leaving it only accessible via the DO console. Is this still secure or is leaving SFTP enabled still exploitable by brute force attacks?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hello,

In addition to what has already been mentioned, I could suggest this step by step article on how to harden your SSH service:

https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-18-04

Best,

Bobby

Hello there,

What you can do is disable the root user login. In order to do that edit the /etc/ssh/sshd_config file by setting PermitRootLogin to no, and then restarting the ssh service:

  1. sudo service ssh restart

Also, you can check our article on How To Enable SFTP Without Shell Access on Ubuntu 20.04

https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-20-04

Hope that this helps! Regards, Alex