Connecting securely to DigitalOcean droplet with SFTP

While you can use the root password to login with WinSCP, it is more secure to use a public key authentication.

First you need to generate your key pair, if you do not have one yet:

• Use PuTTYgen tool to generate new key.
• PuTTYgen installs by default with WinSCP. One way, to run it, is using Tools > Run PuTTYgen command on WinSCP Login dialog.

Easiest way to setup the public key authentication is directly when creating the droplet.

• In PuTTYgen, copy the contents of Public key for pasting into OpenSSH authorized_keys file to the clipboard;
• In Authentication > SSH keys section of the Create Droplets form, click New SSH Key;
• Paste the public key fingerprint from clipboard;
• And confirm by clicking Add SSH Key button.

If you want to add the key to your existing droplet:

• Connect to the droplet with the SSH or DigitalOcean recovery console;
• Follow instructions for setting up SSH public key authentication for OpenSSH servers.

Collect information about your droplet:

• IP address: It is the dotted number in a format aaa.bbb.ccc.ddd below your droplet hostname on the droplet console panel.
• Host key fingerprint: On the first connect you will be prompted to verify a server host key. While the DigitalOcean documentation suggests you can accept the droplet host key on the first connect without verifying it, to maintain maximum security, you should securely acquire a fingerprint of the host key:
  • Connect to the droplet with the DigitalOcean recovery console;
  • Use the following commands to display fingerprints of the host keys:
    

    root@droplet:~# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
    2048 SHA256:z6YYzqGiAb1FN55jOf/f4fqR1IJvpXlKxaZXRtP2mX8  root@droplet-1 (RSA)
    root@droplet-1:~# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
    1024 SHA256:K1kYcE7GHAqHLNPBaGVLOYBQif04VLOQN9kDbiLW/eE  root@droplet-1 (DSA)
    

Start WinSCP. Login dialog will appear. On the dialog:

• Make sure New site node is selected.
• On the New site node, make sure SFTP protocol is selected.
• Enter your droplet IP address (see above) into the Host name box.
• Enter root into the User name box.
• If you are authenticating with the root password:
  • Enter your root password into the Password box.
• If you are authenticating with the private key:
  • Press the Advanced button to open Advanced site settings dialog and go to the SSH > Authentication page.
  • In the Private key file box select your private key file.
  • Submit the Advanced site settings dialog with OK button.
• Save your site settings using the Save button.
• Login using the Login button.
• Verify the host key by comparing fingerprints with those collected before (see above).

• Upload files to FTP server or SFTP server;
• Automate file transfers (or synchronization) to FTP server or SFTP server;
• Official guide for connecting using SSH/PuTTY.