How to Connect to your Droplet with OpenSSH on Linux or macOS

To connect to your Droplet, you’ll need to open a terminal. How you do this varies between operating systems and window managers, but generally:

  • Linux: Search Terminal or press CTRL+ALT+T.
  • macOS: Search Terminal.
  • Bash on Windows: Search Bash.

Once the terminal is open, enter the following SSH command. Make sure to substitute in your Droplet’s IP address after the @. If you’re using CoreOS, Rancher, or FreeBSD, the username will be core, rancher, or freebsd instead of root, respectively.

ssh root@203.0.113.0

If you have multiple SSH keys, you may need to specify the path of your private key using the -i flag, as in ssh -i /path/to/private/key username@203.0.113.0. Make sure to substitute in the path to your private key.

The very first time you log in, the server isn’t identified on your local machine, so you’ll be asked if you’re sure you want to continue connecting. You can type yes and then press ENTER.

The authenticity of host '203.0.113.0 (203.0.113.0)' can't be established.
ECDSA key fingerprint is SHA256:IcLk6dLi+0yTOB6d7x1GMgExamplewZ2BuMn5/I5Jvo.
Are you sure you want to continue connecting (yes/no)? yes

Next, a host key fingerprint will be saved to your local machine and you’ll receive this confirmation:

Warning: Permanently added '203.0.113.0' (ECDSA) to the list of known hosts.

You may receive an intimidating-looking remote host identification warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

This happens most often when you’ve destroyed a Droplet immediately before creating and trying to connect to a new one. If the new Droplet gets assigned the same IP address as the Droplet that was destroyed, the host key of the old server is stored and conflicts with the new host key.

If this happens, you can delete the old Droplet’s host key from your local system with the command ssh-keygen -R 203.0.113.0 and then reconnect.

The next part of the connection process is authentication. If you’ve added SSH keys, you’ll connect to the Droplet immediately (or after entering the passphrase for your key pair).

If you haven’t added SSH keys, you’ll be prompted for your password:

root@203.0.113.0's password:

When you enter your password, nothing is displayed in the terminal, so it can be easier to paste in the initial password. Pasting into text-based terminals is different than other desktop applications and is also different from one window manager to another:

  • For Linux Gnome Terminal, use CTRL+SHIFT+V.
  • For macOS, use SHIFT-CMD-V or the middle mouse button.
  • For Bash on Windows, right-click on the window bar, choose Edit, then Paste. You can also right-click to paste if you enable QuickEdit mode.

Once you’ve entered the password, press ENTER.

E-mailed passwords aren’t secure, so the first time you log in with the default password, you will immediately be prompted to change it.

. . .
Changing password for root.

To do that, first re-enter the current password, then press ENTER. Nothing will display on the screen when you type.

(current) UNIX password:

After that, enter your new password and press ENTER. Again, nothing will display on the screen as you type. You’ll be asked to supply the new password a second time to confirm that you’ve typed it accurately.

Enter new UNIX password:
Retype new UNIX password:

When you’ve successfully logged in, you’ll receive an operating system-specific welcome screen. Your command prompt will change to display the username you’ve logged in as, separated by the @ symbol from the hostname of the Droplet, like root@ubuntu-512mb-sfo2-01:~#.

If you’re having trouble connecting to your Droplet with SSH, you can troubleshoot the SSH errors or try connecting with the Droplet console to recover normal SSH access.