Differences
This shows you the differences between the selected revisions of the page.
| guide_digitalocean 2016-01-27 | guide_digitalocean 2022-06-24 (current) | ||
| Line 1: | Line 1: | ||
| - | ====== Connecting Securely to DigitalOcean Droplet with SFTP ====== | + | ====== Connecting securely to DigitalOcean droplet with SFTP ====== |
| With WinSCP you can easily upload and manage files on your DigitalOcean droplet/server over [[sftp|SFTP protocol]]. | With WinSCP you can easily upload and manage files on your DigitalOcean droplet/server over [[sftp|SFTP protocol]]. | ||
| Line 10: | Line 10: | ||
| First you need to generate your key pair, if you do not have one yet: | First you need to generate your key pair, if you do not have one yet: | ||
| - | * Use [[ui_puttygen|PuTTYgen]] tool to [[ui_puttygen#generating_a_new_key|generate new key]]. | + | * Use [[ui_puttygen|PuTTYgen]] tool to [[ui_puttygen#generating|generate new key]]. |
| * PuTTYgen installs by default with WinSCP. One way, to run it, is using //Tools > Run PuTTYgen// command on WinSCP [[ui_login|Login dialog]]. | * PuTTYgen installs by default with WinSCP. One way, to run it, is using //Tools > Run PuTTYgen// command on WinSCP [[ui_login|Login dialog]]. | ||
| Easiest way to setup the public key authentication is directly when creating the droplet. | Easiest way to setup the public key authentication is directly when creating the droplet. | ||
| - | * In PuTTYgen, copy the contents of //Public key for pasting to OpenSSH authorized_keys file// to the clipboard; | + | * In PuTTYgen, copy the contents of //Public key for pasting into OpenSSH authorized_keys file// to the clipboard; |
| - | * In //Add %%SSH%% Keys// section of the //[[https://cloud.digitalocean.com/droplets/new|Create Droplet]]// form, click //Add %%SSH%% Key//; | + | * In //Authentication > %%SSH%% keys// section of the //[[https://cloud.digitalocean.com/droplets/new|Create Droplets]]// form, click //New %%SSH%% Key//; |
| * Paste the public key fingerprint from clipboard; | * Paste the public key fingerprint from clipboard; | ||
| * And confirm by clicking //Add %%SSH%% Key// button. | * And confirm by clicking //Add %%SSH%% Key// button. | ||
| Line 22: | Line 22: | ||
| If you want to add the key to your existing droplet: | If you want to add the key to your existing droplet: | ||
| - | * [[https://www.digitalocean.com/community/tutorials/how-to-use-the-digitalocean-console-to-access-your-droplet|Connect to the droplet with the DigitalOcean console]]; | + | * Connect to the droplet with the [[https://docs.digitalocean.com/products/droplets/how-to/connect-with-ssh/|SSH]] or [[https://docs.digitalocean.com/products/droplets/how-to/recovery/recovery-console/|DigitalOcean recovery console]]; |
| - | * Follow instructions for [[guide_public_key#openssh|setting up SSH public key authentication for OpenSSH servers]]. | + | * Follow instructions for [[guide_public_key#configure_openssh|setting up SSH public key authentication for OpenSSH servers]]. |
| ===== Connecting ===== | ===== Connecting ===== | ||
| Line 31: | Line 31: | ||
| * IP address: It is the dotted number in a format ''aaa.bbb.ccc.ddd'' below your droplet hostname on the droplet console panel. | * IP address: It is the dotted number in a format ''aaa.bbb.ccc.ddd'' below your droplet hostname on the droplet console panel. | ||
| * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify a server host key]]. While the DigitalOcean documentation suggests you can accept the droplet host key on the first connect without verifying it, to maintain maximum security, you should securely acquire a fingerprint of the host key: | * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify a server host key]]. While the DigitalOcean documentation suggests you can accept the droplet host key on the first connect without verifying it, to maintain maximum security, you should securely acquire a fingerprint of the host key: | ||
| - | * [[https://www.digitalocean.com/community/tutorials/how-to-use-the-digitalocean-console-to-access-your-droplet|Connect to the droplet with the DigitalOcean console]]; | + | * [[https://docs.digitalocean.com/products/droplets/how-to/recovery/recovery-console/|Connect to the droplet with the DigitalOcean recovery console]]; |
| - | * Use the following commands display fingerprints of the host keys: \\ <code> | + | * Use the following commands to display fingerprints of the host keys: \\ <code> |
| root@droplet:~# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub | root@droplet:~# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub | ||
| - | 2048 20:24:71:0c:02:03:8e:59:39:7a:c4:fb:95:c1:a8:27 root@droplet-1 (RSA) | + | 2048 SHA256:z6YYzqGiAb1FN55jOf/f4fqR1IJvpXlKxaZXRtP2mX8 root@droplet-1 (RSA) |
| root@droplet-1:~# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub | root@droplet-1:~# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub | ||
| - | 1024 fe:be:e5:ee:a8:64:95:8e:99:7a:f8:6b:80:06:01:ab root@droplet-1 (DSA) | + | 1024 SHA256:K1kYcE7GHAqHLNPBaGVLOYBQif04VLOQN9kDbiLW/eE root@droplet-1 (DSA) |
| - | </code> With OpenSSH 6.8 and newer, you need to add ''-E md5'' to display MD5 fingerprint. | + | </code> |
| - | + | ||
| Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | ||
| Line 58: | Line 56: | ||
| ===== Further reading ===== | ===== Further reading ===== | ||
| - | * Guide to [[guide_upload|uploading files to SFTP server]]; | + | * [[guide_upload|*]]; |
| - | * Guide to [[guide_automation|automating operations]] (including upload); | + | * [[guide_automation|*]]; |
| - | * [[https://www.digitalocean.com/community/tutorials/how-to-connect-to-your-droplet-with-ssh|Official guide for connecting using SSH/PuTTY]]. | + | * [[https://docs.digitalocean.com/products/droplets/how-to/connect-with-ssh/|Official guide for connecting using SSH/PuTTY]]. |