Introduction
If you have recently created a DigitalOcean Droplet, and you are new to working with Linux servers, you will need to learn how to use SSH to connect to and manage it. SSH, which stands for Secure Shell, is an encrypted network protocol that is used to for, among other things, remote server login and command execution. It is the standard method used for accessing and interacting with Linux servers.
This quick tutorial will show you how to connect to your new Linux cloud server for the first time, by logging into it using an SSH client.
Prerequisites
The prerequisites section describes everything that you need know about to follow this tutorial. Of course, you will need to have created a new Droplet through the DigitalOcean Control Panel.
Server Information and Login Credentials
In order to connect to a remote Linux server via SSH, you must have following:
- User name: The remote user to log in as. The default admin user, or Superuser, on most Linux servers is
root
- Password and/or SSH Key: The password that is used to authenticate the user that you are logging in as. If you added a public SSH key to your droplet when you created it, you must have the private SSH key of the key pair (and passphrase, if it has one)
- Server IP address: This is the address that uniquely identifies your server on the Internet, and can be found in your DigitalOcean Droplets page
If you did not add an SSH key to your Droplet when you created it, you should have received an email from DigitalOcean with the aforementioned connection information and credentials. The emailed password is temporary, and must be changed after the first login.
SSH Client Software
There are a variety of SSH clients that you can use to connect to a Linux server. We will cover the following two:
- OpenSSH (Linux and Mac OS X): A collection of software that ships with most Unix-like operating systems that includes the
ssh
command - PuTTY (Windows): A free SSH client that can run on Windows, and is available for download on the PuTTY Download Page.
putty.exe
is the SSH client, andputtygen.exe
should also be downloaded if you want to use SSH keys.
SSH Login as Root
Now that you have all of the required information and software, you are now ready to log in to your server for the first time. Make sure to only follow the instructions that are relevant to your SSH client.
Option 1: OpenSSH (Linux and Mac OS X)
The OpenSSH ssh
client is a command-line tool, so open a Terminal window to get started.
Step 1—Initiate the Connection
At the command prompt, enter the following command to attempt to connect to your server as the root
user (subsitute the highlight word with your server’s IP address):
ssh root@SERVER_IP_ADDRESS
For example, if the server IP address was 123.234.123.234
, the command would look like this: ssh [email protected]
.
The first time you attempt to connect to your server, you will likely see a warning that looks like this:
The authenticity of host '123.123.123.123 (123.123.123.123)' can't be established.
ECDSA key fingerprint is
79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?
Go ahead and type yes
to continue to connect. Here, your computer is telling you that the remote server is not recognized. Since this is your first time connecting, this is completely expected. Skip to step 2, Authentication.
If you happened to destroy a droplet directly prior to creating the one that you are connecting to, you may see a warning like this:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
...
If this is the case, your new droplet probably has the same IP address as the old, destroyed droplet, but a different host SSH key. This is fine, and you can remove the warning, by deleting the old droplet’s host key from your system, by running this command:
ssh-keygen -R SERVER_IP_ADDRESS
Now try connecting to your server again.
Step 2—Authenticate
The authentication step involves providing a password and/or a private SSH key to prove that you are authorized to log in as root
.
If you added an SSH key to your Droplet, and you have the private key installed on your computer, OpenSSH will attempt to use the key to authenticate to the root
account. If you used a key with a passphrase, you will need to provide the passphrase to complete the login process. At this point, if you are unable to log in, you may need to start your ssh-agent
and add your SSH keys to it with the following command (assuming your key is called “id_rsa”), then go back to Step 1:
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
If you did not add an SSH key to your Droplet, you will be prompted for the temporary password, and you will also be required to change it. Follow these steps to complete the login process:
- Copy the temporary password from the email, and paste it into the password prompt
- At the
(current) UNIX password
prompt, paste in the temporary password again - At the
Enter new UNIX password
prompt, enter a strong password - At the
Retype new UNIX password
prompt, enter the same strong password that you just entered
Don’t forget the new password that you set.
You’re now logged in! Skip to the Where To Go From Here? section of this tutorial to read about what your next steps with your server should be.
Option 2: PuTTY (Windows)
Run putty.exe
by double-clicking on it, which will start the program and take you to the configuration screen.
Note: These steps do not cover using SSH keys with PuTTY. If you need to use SSH keys with PuTTY, use PuTTYgen to generate and load keys. A tutorial on this subject can be found here: How To Use SSH Keys with PuTTY.
Step 1—Configure the Connection
To properly configure the the SSH connection in putty, ensure that the following settings are set:
- Host Name (or IP address): Enter your server’s IP address here
- Port: 22 (default)
- Connection Type: SSH (default)
You may now name and save this particular connection for future use by typing a name in the “Saved Sessions” field, and clicking “save”.
Step 2—Initiate the Connection
To initiate the connection, double-click on the session name, and accept the security alert (this will only appear the first time you connect to a server).
Step 3—Authenticate
The authentication step involves providing the login credentials, the user name and temporary password, to connect to the server. Following the initial connection, you will be required to change the password.
Follow these steps to complete the login process:
- At the
login as
prompt, enterroot
- At the
Password prompt
, enter the password that was emailed to you (copy and paste it) - At the
(current) UNIX password
prompt, paste in the temporary password again - At the
Enter new UNIX password
prompt, enter a strong password - At the
Retype new UNIX password
prompt, enter the same strong password that you just entered
Don’t forget the new password that you set.
Where To Go From Here?
Congratulations! You are logged in to your server over SSH!
The next steps are to set up some basic security measures to protect your server from being compromised. These steps are covered in these distribution-specific tutorials: