The Security page of your account lets you manage your login method, set up two-factor authentication, and view the SSH keys, SSL certificates, and security history of your account.
Personal access tokens for the DigitalOcean API and access keys for Spaces are generated and managed on the Applications and API page of the control panel.
When you register a new DigitalOcean account, you can either provide an email address and password or choose Sign up with Google. Using Google Single Sign On (SSO) reduces the number of usernames and passwords people need to manage to access their online accounts.
If you’ve signed up with a username and password, you can click Use Google SSO and follow the prompts to switch to using Google. For additional security, we strongly recommend that you enable two-factor authentication on your Google account when using Google SSO with DigitalOcean.
If you’re already using Google SSO, you can click Remove Google SSO to switch to a username and password.
Using two-factor authentication with a username and password-based login adds an additional layer of security against unauthorized access to your account. Even if a bad actor gains access to your password, for example, they still can’t access anything without also having your phone.
If you are using Google SSO, you will not see the two-factor authentication section because you are not using a username and password on your DigitalOcean account. Instead, we strongly recommend that you enable two-factor authentication on your Google account.
In the two-factor authentication section you can:
You can find more detailed instructions in our two-factor authentication documentation:
Set up two-factor authentication to add an additional layer of security to your DigitalOcean account.
SSH keys provide a more secure way to log into your Droplet. We recommend them for all users.
In this section, you can upload an SSH public key to your account and name it. Once you’ve added a key, you can select it during Droplet creation to automatically add it to new Droplets. You can also add SSH keys directly to existing Droplets.
For more detailed instructions, see our SSH key documentation:
The standard OpenSSH suite of tools contains the ssh-keygen utility, which is used to generate key pairs. Run it on your local computer to generate a 2048-bit RSA key pair, which is fine for most uses.
    ssh-keygen
The utility will prompt you to select a location for the keys. By default, the keys are stored in the ~/.ssh directory with the filenames id_rsa for the private key and id_rsa.pub for the public key.
To create and use SSH keys on Windows, you need to download and install both PuTTY, the utility used to connect to remote servers through SSH, and PuTTYgen, a utility used to create SSH keys. On the PuTTY website, download the .msi file in the Package files section at the top of the page, under MSI (‘Windows Installer’). Next, install it on your local computer by double clicking it and using the installation wizard.
After you create an SSH key, you can upload your public key to your DigitalOcean account to make it easier to add your keys to your Droplets. It’s safe to freely share your SSH public key because it cannot be used to re-create the private key. It can only be used to validate the user who holds the associated private key. From the Account section in the navigation menu, select Security.
There are several ways to add your public key to a Droplet. If you currently have SSH access to the Droplet, you can upload keys:
- From your local computer using ssh-copy-id, which is included in many Linux distributions’ OpenSSH packages.
- From your local computer by piping the contents of the key into the ~/.ssh/authorized_keys file. This is a good choice if you don’t have ssh-copy-id.
- By SSHing to your Droplet and adding the public key manually, which is necessary if you do not have password-based SSH access.
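The manual method above (appending the public key to ~/.ssh/authorized_keys), written as a helper you could run on the Droplet. This is an added example, not code from DigitalOcean's documentation; the function name add_authorized_key, the demo paths, and the key line are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotently install a public key into authorized_keys.
# add_authorized_key is a hypothetical helper, not a DigitalOcean or OpenSSH tool.
# The body runs in a subshell ( ... ), so umask and variables do not leak.
add_authorized_key() (
    pubfile=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; exit 1; }

    # Never install (or transmit) a private key by mistake.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile is a private key" >&2
        exit 2
    fi

    # Take the first non-empty line; a public key is "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    case $key in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "refusing: not an OpenSSH public key" >&2; exit 3 ;;
    esac

    # With StrictModes, sshd can refuse keys whose files are group/world writable.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 4
    touch "$auth" && chmod 600 "$auth" || exit 4

    # Append only if the exact line is absent, so reruns do not duplicate keys.
    if grep -qxF -- "$key" "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
)

# Demo in a throwaway directory with a constructed (non-functional) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyNotReal user@laptop' \
    > "$demo_dir/id.pub"
add_authorized_key "$demo_dir/id.pub" "$demo_dir/.ssh"   # prints: added
add_authorized_key "$demo_dir/id.pub" "$demo_dir/.ssh"   # prints: already present
rm -rf "$demo_dir"
```

Called with only the key file, the helper writes to $HOME/.ssh of the user running it.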
To connect to your Droplet, you’ll need to open a terminal. How you do this varies between operating systems and window managers, but generally:
- Linux: Search Terminal or press CTRL+ALT+T.
- macOS: Search Terminal.
- Bash on Windows: Search Bash.
Once the terminal is open, enter the following SSH command. Make sure to substitute in your Droplet’s IP address after the @. If you’re using CoreOS, Rancher, or FreeBSD, the username will be core, rancher, or freebsd instead of root, respectively.
PuTTY is an open-source SSH and Telnet client for Windows. It allows you to securely connect to remote servers from a local Windows computer. If you don’t have PuTTY installed, visit the Download PuTTY site and choose the Windows installer from the Package files list. Once PuTTY is installed, start the program.
Configuring PuTTY
On the PuTTY Configuration screen that opens, fill in the field labeled Host Name (or IP Address) with your Droplet’s IP address, which you can find on your dashboard.
SSL certificates are used for SSL termination forwarding rules on DigitalOcean Load Balancers. The certificates section of your account security page lets you manage the SSL certificates uploaded to your account.
To use custom certificates or certificates from a commercial certificate authority, add them manually here. Certificates created and managed through DigitalOcean’s Let’s Encrypt integration are added automatically when they are created.
The security history shows a record of actions that have been taken in your account, like user logins, resource creation and deletion, and password changes. It also includes the IP address of the device where the action originated and how long ago the action happened. Hover over the value in the Time column, like 1 month ago, to see the specific date and time of the event, like Fri, Nov 2 2018 at 3:31pm.