Tutorial Series

Choose a Series to access other tutorials related to this one.

We hope you find this tutorial helpful. In addition to guides like this one, we provide simple cloud infrastructure for developers. Learn more →

How To Connect To Your Droplet with SSH

UpdatedJanuary 31, 2018 772.4k views Getting Started Linux Basics DigitalOcean Product Documentation

Introduction

DigitalOcean Droplets are managed using a terminal and SSH. SSH is an encrypted network protocol for remote server login and command execution. It is the standard method used for accessing and interacting with Linux servers.

This tutorial will show you how to connect to a DigitalOcean Droplet for the first time by using the OpenSSH client.

Prerequisites

To follow along with this tutorial, you will need to have:

Step 1 — Getting Information about the Droplet

To log in to your Droplet, you'll need to know three pieces of information:

  • The Droplet's IP address
  • The default username on the server
  • The default password for that username

To get your Droplet's IP address, visit the DigitalOcean Control Panel. The IP address will be displayed in the IP Address column after your Droplet has been created. You can mouse over it to copy it into your clipboard.

Screenshot of the IP address with the copy link highlighted

The default username is root on most operating systems, like Ubuntu and CentOS. Exceptions to this include CoreOS, where you'll log in as core, Rancher, where you'll log in as rancher, and FreeBSD, where you'll log in as freebsd.

By default, the password for that user is randomly generated and emailed to you at your account's email address. This email also contains the IP address and default username.

Note: A password will not be generated and emailed if you have uploaded SSH keys to your account and chosen Add SSH Keys. Your key will be used automatically and you'll be prompted for the key's passphrase if you've set one. Visit How To Use SSH Keys with DigitalOcean Droplets to learn more.

The email you receive about your server will look similar to this:

New Droplet creation email
Your new Droplet is all set to go! You can access it using the following credentials:

Droplet Name: ubuntu-2gb-nyc3-01
IP Address: 203.0.113.0
Username: root
Password: EXAMPLE71936efe52b9eb4c602

For security reasons, you will be required to change this Droplet’s root password when you login. You should choose a strong password that will be easy for you to remember, but hard for a computer to guess. You might try creating an alpha-numerical phrase from a memorable sentence (e.g. “I won my first spelling bee at age 7,” might become “Iwm#1sbaa7”). Random strings of common words, such as “Mousetrap Sandwich Hospital Anecdote,” tend to work well, too.

. . .

You'll notice that this initial email also contains guidelines to help you choose a secure password. You'll be required to change the password as soon as you log in for the first time, so you may want to take a moment to choose one before you continue.

Once you have your Droplet's IP address, username, and password, you're ready to connect.

Step 2 — Connecting to the Droplet

To connect, you'll need to open an SSH terminal. How you do this varies between operating systems and window managers, but generally you can:

  • Linux: Search Terminal or press CTRL+ALT+T.
  • macOS: Search Terminal.
  • Bash on Windows: Search Bash.

Once the terminal is open, type the following command.

Make sure to substitute in your Droplet's IP address after the @. If you're using CoreOS, Rancher, or FreeBSD, the username will be core, rancher, or freebsd instead of root, respectively.

  • ssh root@your_droplet_ip

The very first time you log in, the server isn't identified on your local machine, so you'll be asked if you're sure you want to continue connecting. You can enter yes:

The authenticity of host '203.0.113.0 (203.0.113.0)' can't be established.
ECDSA key fingerprint is SHA256:IcLk6dLi+0yTOB6d7x1GMgExamplewZ2BuMn5/I5Jvo.
Are you sure you want to continue connecting (yes/no)? yes

When you press ENTER after typing yes, a host key fingerprint will be saved to your local machine and you'll receive this confirmation:

Warning: Permanently added '203.0.113.0' (ECDSA) to the list of known hosts.

However, you might receive this message instead:

  • @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  • @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
  • @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  • IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
  • Someone could be eavesdropping on you right now (man-in-the-middle attack)!
  • It is also possible that a host key has just been changed.

This happens most often when you've destroyed a Droplet immediately before creating and trying to connect to a new one. If the new Droplet gets assigned the same IP address as the Droplet that was destroyed, the host key of the old server is stored and conflicts with the new host key.

If this happens, you can delete the old Droplet's host key from your local system with the command ssh-keygen -R your_server_ip and then reconnect.

The next part of the connection process is authentication.

Step 3 — Authenticating with a Password

After you've stored the identity of the Droplet, you'll be prompted for your password:

  • root@203.0.113.0's password:

When you enter your password, nothing is displayed in the terminal, so it can be easier to paste in the initial password. However, pasting into text-based terminals is different than other desktop applications and is also different from one window manager to another.

Here is how to paste in some common terminals:

  • For Linux Gnome Terminal, use CTRL+SHIFT+V.
  • For macOS, use SHIFT-CMD-V or the middle mouse button.
  • For Bash on Windows, right-click on the window bar, choose Edit, then Paste. You can also right-click to paste if you enable QuickEdit mode.

Once you've entered the password, press ENTER. When you've successfully logged in, you'll receive an operating system-specific welcome screen.

At the end of the message, you'll be prompted to change your password.

Step 4 — Changing the Password

E-mailed passwords aren't secure, so the first time you log in with the default password, you will immediately be prompted to change it.

To do that, first re-enter the current password, then press ENTER.

. . .
Changing password for root.
(current) UNIX password:

After that, enter your new password and press ENTER. Again, nothing will display on the screen as you type. You'll be asked to supply the new password a second time to confirm that you've typed it accurately.

Enter new UNIX password:
Retype new UNIX password:

When the passwords match, you'll be logged in. Your command prompt will change to display the username you've logged in as, separated by the @ symbol from the hostname of the Droplet, like root@ubuntu-512mb-sfo2-01:~#.

Be sure to store your password in a secure password manager or write down a hint that will remind you. In the event that you forget the password, it can be reset from the Control Panel, but you will have to shut down the Droplet to do so.

Next Steps

Once you're at the command prompt, you have the remote connection you'll need to follow many other DigitalOcean tutorials. Choose from one of the following tutorials to learn more about what you can do from your Droplet's command line:

44 Comments

Creative Commons License