Question

Which IP (blocks?) do I need to allow through my firewall for Drople Console?

Reading the doc for how to allow Droplet Console to access a droplet, it only mentions allowing ssh through. Currenly, the attempt just times out. I would REALLY prefer not to open SSH up to the world. Which IPs do I need to allow ssh access?

Show comments

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I some additional research on this topic. While we don’t know which IP’s to allow for the droplet console, you can still limit the IP’s safely.

Why? DO offers a recovery console that acts like a direct attached keyboard and mouse. So you can restrict IP access to your ssh server, and even if you mess up and block yourself from connecting, you can still use the recovery console to regain access.

Please mark this comment as the answer to this thread.

I have this question, too. I run a VPN on my droplets, so I only want ssh access via the VPN network. But I want to allow Web console to work in case I lock myself out.

I logged into my Droplet today using the Web console and the IP shows as “162.243.188.66” , but there could be more IP addresses that need to be allowed.

You’d think DO would share this IP address list or range with their users in the interests of security.

KFSys
Site Moderator
Site Moderator badge
December 1, 2022

Hi @solitaryr,

Regarding the Web Console, you shouldn’t be having issues or needing to allow anything on the Droplet.

Having said that, unless you’ve changed anything in the /etc/ssh/sshd_config file, your Droplet can be accessed only by the Web Console or with SSH key so opening the port 22 shouldn’t be a problem.

Additionally, you can allow port 22 only for your IP address and use PuTty to do so.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel