I’m trying to secure a droplet. Is there a way to only allow console access via the DO website?
I tend not to use my own local SSH client. I just use SFTP to directly access files and execute them via the console. My main concern is that, currently, I’m only using password authentication and I haven’t generated key pairs.
In short, I want to disable remote SSH access, leaving it only accessible via the DO console. Is this still secure or is leaving SFTP enabled still exploitable by brute force attacks?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hello there,
What you can do is disable the root user login. In order to do that edit the /etc/ssh/sshd_config file by setting PermitRootLogin to no, and then restarting the ssh service:
- sudo service ssh restart
Also, you can check our article on How To Enable SFTP Without Shell Access on Ubuntu 20.04
Hope that this helps! Regards, Alex
Hello,
In addition to what has already been mentioned, I could suggest this step by step article on how to harden your SSH service:
https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-18-04
Best,
Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.