Documentation » Using WinSCP » Guides » Cloud Computing »

Connecting securely to DigitalOcean droplet with SFTP

With WinSCP you can easily upload and manage files on your DigitalOcean droplet/server over SFTP protocol.

Before starting you should have WinSCP installed.

Advertisement

Setting up Public Key Authentication

While you can use the root password to login with WinSCP, it is more secure to use a public key authentication.

First you need to generate your key pair, if you do not have one yet:

Easiest way to setup the public key authentication is directly when creating the droplet.

  • In PuTTYgen, copy the contents of Public key for pasting into OpenSSH authorized_keys file to the clipboard;
  • In Authentication > SSH keys section of the Create Droplets form, click New SSH Key;
  • Paste the public key fingerprint from clipboard;
  • And confirm by clicking Add SSH Key button.

If you want to add the key to your existing droplet:

Connecting

Collect information about your droplet:

  • IP address: It is the dotted number in a format aaa.bbb.ccc.ddd below your droplet hostname on the droplet console panel.
  • Host key fingerprint: On the first connect you will be prompted to verify a server host key. While the DigitalOcean documentation suggests you can accept the droplet host key on the first connect without verifying it, to maintain maximum security, you should securely acquire a fingerprint of the host key:
    • Connect to the droplet with the DigitalOcean recovery console;
    • Use the following commands to display fingerprints of the host keys:
      root@droplet:~# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
      2048 SHA256:z6YYzqGiAb1FN55jOf/f4fqR1IJvpXlKxaZXRtP2mX8  root@droplet-1 (RSA)
      root@droplet-1:~# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
      1024 SHA256:K1kYcE7GHAqHLNPBaGVLOYBQif04VLOQN9kDbiLW/eE  root@droplet-1 (DSA)
      

Advertisement

Start WinSCP. Login dialog will appear. On the dialog:

  • Make sure New site node is selected.
  • On the New site node, make sure SFTP protocol is selected.
  • Enter your droplet IP address (see above) into the Host name box.
  • Enter root into the User name box.
  • If you are authenticating with the root password:
    • Enter your root password into the Password box.
  • If you are authenticating with the private key:
  • Save your site settings using the Save button.
  • Login using the Login button.
  • Verify the host key by comparing fingerprints with those collected before (see above).

Further reading

Last modified: by martin