Securing a droplet - noob questions

I’m trying to secure a droplet. Is there a way to only allow console access via the DO website?

I tend not to use my own local SSH client. I just use SFTP to directly access files and execute them via the console. My main concern is that, currently, I’m only using password authentication and I haven’t generated key pairs.

In short, I want to disable remote SSH access, leaving it only accessible via the DO console. Is this still secure or is leaving SFTP enabled still exploitable by brute force attacks?

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
February 15, 2022


In addition to what has already been mentioned, I could suggest this step by step article on how to harden your SSH service:



Site Moderator
Site Moderator badge
February 14, 2022

Hello there,

What you can do is disable the root user login. In order to do that edit the /etc/ssh/sshd_config file by setting PermitRootLogin to no, and then restarting the ssh service:

  1. sudo service ssh restart

Also, you can check our article on How To Enable SFTP Without Shell Access on Ubuntu 20.04

Hope that this helps! Regards, Alex