Connecting Securely to DigitalOcean Droplet with SFTP
Setting up Public Key Authentication
While you can use the root password to log in with WinSCP, it is more secure to use public key authentication.
First you need to generate your key pair, if you do not have one yet:
The easiest way to set up public key authentication is to do it when creating the droplet.
- In PuTTYgen, copy the contents of Public key for pasting to OpenSSH authorized_keys file to the clipboard;
- In the Add SSH Keys section of the Create Droplet form, click Add SSH Key;
- Paste the public key fingerprint from the clipboard;
- Confirm by clicking the Add SSH Key button.
If you want to add the key to your existing droplet:
Collect information about your droplet:
- IP address: It is the dotted number in the format aaa.bbb.ccc.ddd below your droplet hostname on the droplet console panel.
- Host key fingerprint: On the first connection you will be prompted to verify the server host key. While the DigitalOcean documentation suggests you can accept the droplet host key on the first connection without verifying it, to maintain maximum security, you should securely acquire a fingerprint of the host key:
- Connect to the droplet with the DigitalOcean console;
- Use the following commands to display fingerprints of the host keys:
root@droplet:~# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 20:24:71:0c:02:03:8e:59:39:7a:c4:fb:95:c1:a8:27 root@droplet-1 (RSA)
root@droplet-1:~# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
1024 fe:be:e5:ee:a8:64:95:8e:99:7a:f8:6b:80:06:01:ab root@droplet-1 (DSA)
With OpenSSH 6.8 and newer, you need to add -E md5 to display the MD5 fingerprint.
Start WinSCP. The Login dialog will appear. On the dialog:
- Make sure the New site node is selected.
- On the New site node, make sure the SFTP protocol is selected.
- Enter your droplet IP address (see above) into the Host name box.
- Enter root into the User name box.
- If you are authenticating with the root password:
- Enter your root password into the Password box.
- If you are authenticating with the private key:
- Save your site settings using the Save button.
- Login using the Login button.
- Verify the host key by comparing fingerprints with those collected before (see above).