UFW Config (easy question)

Can I explicitly allow DigitalOcean console access via ssh without opening my droplet’s 22 to the entire internet? AKA, does the console exist on the 10.x.x.x subnet or another entity I can whitelist?


Hi @SmallNavyMorel,

It already is kind of like that. The DigitalOcean console is a browser-based way to connect to your Droplet rather than using SSH. This means that you can block port 22 for the entire world and still be able to connect using the console.

Having said that, I don’t think it’s necessary. By default, DigitalOcean droplets come with Password Authentication Denied. This means that only people who have their SSH key deployed on the droplet can SSH to it. The only reason you would need to worry is if someone finds your private key, but that’s very highly unlikely.

Despite saying that, if you still want to further add security, you can always allow connection to port 22 only from your IP address.
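The restriction suggested in the answer above, as an added example that is not part of the original answer: a shell sketch that validates the address and emits the UFW commands in an order that never leaves port 22 without an allow rule. The address 203.0.113.10, the function names, and the assumption that the existing broad rule was created as `22/tcp` or as the `OpenSSH` app profile are illustrative.

```shell
#!/bin/sh
# Added example: restrict SSH (22/tcp) in UFW to one trusted IPv4 address.
# 203.0.113.10 is a constructed documentation address; use your own.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
# Rejecting anything else also keeps shell metacharacters out of the plan.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ufw commands in lockout-safe order: add the narrow allow first,
# then delete the broad rules (assumed to be 22/tcp or the OpenSSH profile),
# then list the resulting rule set for review.
ssh_lockdown_plan() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
    printf '%s\n' \
        "ufw allow from $1 to any port 22 proto tcp" \
        "ufw delete allow 22/tcp" \
        "ufw delete allow OpenSSH" \
        "ufw status numbered"
}

# Preview by default; run the commands only with --apply (requires root).
apply_or_preview() {
    plan=$(ssh_lockdown_plan "$1") || return $?
    if [ "${2:-}" = "--apply" ]; then
        echo "$plan" | while IFS= read -r cmd; do sh -c "$cmd"; done
    else
        echo "$plan"
    fi
}

# Preview only: prints the four commands without touching the firewall.
apply_or_preview 203.0.113.10
```

Run the preview from an existing SSH session and confirm the address is the one your connection actually arrives from before using `--apply`.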

Hello there,

The Droplet Console is a browser-based way to connect to Droplets. Instead of using ssh in a local terminal, you can use the Droplet Console in your preferred web browser.

The Droplet Console has a native-like terminal experience, so you can run commands on your Droplet from a familiar command-line interface. It also provides one-click SSH access to your Droplet without the need for a password or manual SSH key configuration.

The console is always available to you within your DigitalOcean account. It is a convenient tool that can help you to regain access via normal ssh when you’ve lost your ssh-key or you’re unable to use a normal ssh-client. Having said that, you do not need to make any changes from your end; the console is a tool provided by DigitalOcean which is separate from accessing the droplet via any ssh-client.

Hope that this helps!