Contents » Using WinSCP » Guides » Cloud Computing »

Connecting Securely to DigitalOcean Droplet with SFTP

With WinSCP you can easily upload and manage files on your DigitalOcean droplet/server over SFTP protocol.

Before starting you should have WinSCP installed.

Setting up Public Key Authentication

While you can use the root password to login with WinSCP, it is more secure to use a public key authentication.

First you need to generate your key pair, if you do not have one yet:

Easiest way to setup the public key authentication is directly when creating the droplet.

  • In PuTTYgen, copy the contents of Public key for pasting to OpenSSH authorized_keys file to the clipboard;
  • In Add SSH Keys section of the Create Droplet form, click Add SSH Key;
  • Paste the public key fingerprint from clipboard;
  • And confirm by clicking Add SSH Key button.

If you want to add the key to your existing droplet:

Connecting

Collect information about your droplet:

  • IP address: It is the dotted number in a format aaa.bbb.ccc.ddd below your droplet hostname on the droplet console panel.
  • Host key fingerprint: On the first connect you will be prompted to verify a server host key. While the DigitalOcean documentation suggests you can accept the droplet host key on the first connect without verifying it, to maintain maximum security, you should securely acquire a fingerprint of the host key:
    • Connect to the droplet with the DigitalOcean console;
    • Use the following commands display fingerprints of the host keys:

      root@droplet:~# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
      2048 20:24:71:0c:02:03:8e:59:39:7a:c4:fb:95:c1:a8:27  root@droplet-1 (RSA)
      root@droplet-1:~# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
      1024 fe:be:e5:ee:a8:64:95:8e:99:7a:f8:6b:80:06:01:ab  root@droplet-1 (DSA)
      

      With OpenSSH 6.8 and newer, you need to add -E md5 to display MD5 fingerprint.

Start WinSCP. Login dialog will appear. On the dialog:

  • Make sure New site node is selected.
  • On the New site node, make sure SFTP protocol is selected.
  • Enter your droplet IP address (see above) into the Host name box.
  • Enter root into the User name box.
  • If you are authenticating with the root password:
    • Enter your root password into the Password box.
  • If you are authenticating with the private key:
  • Save your site settings using the Save button.
  • Login using the Login button.
  • Verify the host key by comparing fingerprints with those collected before (see above).

Further reading

 
  guide_digitalocean.txt · Last modified: by martin
 

Search Documentation

This page

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

Associations

Site design by Black Gate