The Linux Page

Setting up a Digital Ocean Droplet

When I create a new DigitalOcean droplet I have to run a few commands that I don't otherwise use very much at all so I was thinking that adding them here would make it easier to remember.

First if you setup an SSH key on DigitalOcean before you create the servlet, then you will be able to access the server root account with SSH.

ssh -l root -i <path-to-key> <ip-address>

IMPORTANT NOTE: Although you will have access with an SSH key, the system will ask you for a root password if you use the wrong key. So make sure to use the -i option if you have multiple keys and the one you uploaded on DigitalOcean is different (not your default key).

The shell then gives you the ability to create a user, because it is much safer to use a user under your name instead of just and only access the root account. However, you most certainly want to make that user part of the sudo group and setup a password so you can actually use sudo:

useradd -m -s /bin/bash -G sudo alexis

The password could be defined using the -p command line option of useradd, however, that is not safe and you need to first encrypt the password...

Instead we use the passwd command as in:

passwd alexis

As you are root, this allows you to enter a new password without having to do any more than that.

The account is nearly ready. Now you probably want to copy your SSH key in there. Assuming it is the same as the one you installed for the root account, then you can this:

cp -r ~/.ssh ~alexis
cd ~alexis
chown -R alexis:alexis .ssh

If you have a partner and added his key as well, you may want to edit the config file and remove that other key (only keep yours):

vim .ssh/config

If that's the case, you probably want to create an account for your partner too and set it up in a similar way.

Once that is done, make sure to remove the key from the root account:

rm -rf .ssh

Please, make sure you are deleting the root keys, not the new user's (hence the cd command). Then try to connect with your user from your computer and try a sudo command such as apt-get or cat of file such as /etc/shadow. If that works, you're probably all good.

If you setup a root password, you probably want to edit it out. This is done by editing the shadow file and replacing the encrypted password with an asterisk:

vim /etc/shadow

Only replace the second field. Fields are separated by colons. You may use the passwd command with the -d option to delete the password, but that does not prevent using the root account, which is generally considered bad.

SMS From Me Logo

SMS From Me

To automatically start one on one conversations with your online leads.