Differences
This shows you the differences between the selected revisions of the page.
guide_digitalocean 2017-01-14 | guide_digitalocean 2022-06-24 (current) | ||
Line 1: | Line 1: | ||
- | ====== Connecting Securely to DigitalOcean Droplet with SFTP ====== | + | ====== Connecting securely to DigitalOcean droplet with SFTP ====== |
With WinSCP you can easily upload and manage files on your DigitalOcean droplet/server over [[sftp|SFTP protocol]]. | With WinSCP you can easily upload and manage files on your DigitalOcean droplet/server over [[sftp|SFTP protocol]]. | ||
Line 10: | Line 10: | ||
First you need to generate your key pair, if you do not have one yet: | First you need to generate your key pair, if you do not have one yet: | ||
- | * Use [[ui_puttygen|PuTTYgen]] tool to [[ui_puttygen#generating_a_new_key|generate new key]]. | + | * Use [[ui_puttygen|PuTTYgen]] tool to [[ui_puttygen#generating|generate new key]]. |
* PuTTYgen installs by default with WinSCP. One way, to run it, is using //Tools > Run PuTTYgen// command on WinSCP [[ui_login|Login dialog]]. | * PuTTYgen installs by default with WinSCP. One way, to run it, is using //Tools > Run PuTTYgen// command on WinSCP [[ui_login|Login dialog]]. | ||
Easiest way to setup the public key authentication is directly when creating the droplet. | Easiest way to setup the public key authentication is directly when creating the droplet. | ||
- | * In PuTTYgen, copy the contents of //Public key for pasting to OpenSSH authorized_keys file// to the clipboard; | + | * In PuTTYgen, copy the contents of //Public key for pasting into OpenSSH authorized_keys file// to the clipboard; |
- | * In //Add %%SSH%% Keys// section of the //[[https://cloud.digitalocean.com/droplets/new|Create Droplet]]// form, click //Add %%SSH%% Key//; | + | * In //Authentication > %%SSH%% keys// section of the //[[https://cloud.digitalocean.com/droplets/new|Create Droplets]]// form, click //New %%SSH%% Key//; |
* Paste the public key fingerprint from clipboard; | * Paste the public key fingerprint from clipboard; | ||
* And confirm by clicking //Add %%SSH%% Key// button. | * And confirm by clicking //Add %%SSH%% Key// button. | ||
Line 22: | Line 22: | ||
If you want to add the key to your existing droplet: | If you want to add the key to your existing droplet: | ||
- | * [[https://www.digitalocean.com/community/tutorials/how-to-use-the-digitalocean-console-to-access-your-droplet|Connect to the droplet with the DigitalOcean console]]; | + | * Connect to the droplet with the [[https://docs.digitalocean.com/products/droplets/how-to/connect-with-ssh/|SSH]] or [[https://docs.digitalocean.com/products/droplets/how-to/recovery/recovery-console/|DigitalOcean recovery console]]; |
* Follow instructions for [[guide_public_key#configure_openssh|setting up SSH public key authentication for OpenSSH servers]]. | * Follow instructions for [[guide_public_key#configure_openssh|setting up SSH public key authentication for OpenSSH servers]]. | ||
Line 31: | Line 31: | ||
* IP address: It is the dotted number in a format ''aaa.bbb.ccc.ddd'' below your droplet hostname on the droplet console panel. | * IP address: It is the dotted number in a format ''aaa.bbb.ccc.ddd'' below your droplet hostname on the droplet console panel. | ||
* Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify a server host key]]. While the DigitalOcean documentation suggests you can accept the droplet host key on the first connect without verifying it, to maintain maximum security, you should securely acquire a fingerprint of the host key: | * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify a server host key]]. While the DigitalOcean documentation suggests you can accept the droplet host key on the first connect without verifying it, to maintain maximum security, you should securely acquire a fingerprint of the host key: | ||
- | * [[https://www.digitalocean.com/community/tutorials/how-to-use-the-digitalocean-console-to-access-your-droplet|Connect to the droplet with the DigitalOcean console]]; | + | * [[https://docs.digitalocean.com/products/droplets/how-to/recovery/recovery-console/|Connect to the droplet with the DigitalOcean recovery console]]; |
- | * Use the following commands display fingerprints of the host keys: \\ <code> | + | * Use the following commands to display fingerprints of the host keys: \\ <code> |
root@droplet:~# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub | root@droplet:~# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub | ||
- | 2048 20:24:71:0c:02:03:8e:59:39:7a:c4:fb:95:c1:a8:27 root@droplet-1 (RSA) | + | 2048 SHA256:z6YYzqGiAb1FN55jOf/f4fqR1IJvpXlKxaZXRtP2mX8 root@droplet-1 (RSA) |
root@droplet-1:~# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub | root@droplet-1:~# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub | ||
- | 1024 fe:be:e5:ee:a8:64:95:8e:99:7a:f8:6b:80:06:01:ab root@droplet-1 (DSA) | + | 1024 SHA256:K1kYcE7GHAqHLNPBaGVLOYBQif04VLOQN9kDbiLW/eE root@droplet-1 (DSA) |
- | </code> With OpenSSH 6.8 and newer, you need to add ''-E md5'' to display MD5 fingerprint. | + | </code> |
- | + | ||
Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | ||
Line 58: | Line 56: | ||
===== Further reading ===== | ===== Further reading ===== | ||
- | * Guide to [[guide_upload|uploading files to SFTP server]]; | + | * [[guide_upload|*]]; |
- | * Guide to [[guide_automation|automating operations]] (including upload); | + | * [[guide_automation|*]]; |
- | * [[https://www.digitalocean.com/community/tutorials/how-to-connect-to-your-droplet-with-ssh|Official guide for connecting using SSH/PuTTY]]. | + | * [[https://docs.digitalocean.com/products/droplets/how-to/connect-with-ssh/|Official guide for connecting using SSH/PuTTY]]. |