Monday, 5 August 2019
Given that you have SSH access to your Digital Ocean droplet (via the web console or via the command line), you may want to allow SSH access for another laptop.
Digital Ocean allows you to attach a new SSH key to your account under Account > Security > SSH Keys, but once you have created a droplet there is no way of attaching any new SSH key you add here as an authorized key on the existing droplet.
If you are working on a laptop which isn't your primary workstation for SSH-ing into the droplet (e.g. this is the workstation you used to setup the droplet originally), then you need to follow the steps outlined in the section "Connecting from a new workstation", otherwise follow "Registering a new SSH key from your primary workstation"
The registry of permitted public keys on a droplet is held at
~/.ssh/authorized_keys which should look something like the below:
root@mydroplet:~# cat ~/.ssh/authorized_keys ssh-rsa [KEY] [IDENTIFIER] ssh-rsa [KEY] [IDENTIFIER]
If you are working on a laptop which has SSH access to the droplet, then you can add a new SSH key remotely using
$ cat ~/.ssh/id_rsa.pub | ssh root@[DROPLETIP] "sudo sshcommand acl-add dokku mynewlaptop"
Dokku also has an
authorized_keys registry file at a different location in the Dokku home folder:
/home/dokku/.ssh/authorized_keys - the public key for your new workstation will also need to be registered in this file for Dokku deployment to work (e.g. when running
git push dokku master from your local dev rig).
If you are using Dokku for deployment then the
sshcommand call above should have also registered your new public key in Dokku's version of
You can double check this by running
cat on the
/home/dokku/.ssh/authorized_keys file after you've added the new SSH key above:
root@mydroplet:~# cat /home/dokku/.ssh/authorized_keys command="FINGERPRINT=SHA256:4G/[REDACTED] NAME=\"work laptop\" `cat /home/dokku/.sshcommand` $SSH_ORIGINAL_COMMAND",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding [PUBLIC KEY] command="FINGERPRINT=SHA256:4G/[REDACTED] NAME=\"home laptop\" `cat /home/dokku/.sshcommand` $SSH_ORIGINAL_COMMAND",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding [PUBLIC KEY]
If you haven't got access to your primary workstation (if you're at work or on holiday for example), then the process is a little more complex. You can login to your Dokku droplet by navigating to the Droplets page on the Digital Ocean dashboard and clicking More > Access Console on the relevant droplet.
You will be prompted to log in the console using your root SSH password. The user name will be
root when you are prompted. If you don't know what your root password is, you can request for a new one to be sent to you over email by clicking on the droplet and going to the "Access" configuration page and clicking "Reset root password".
The web version of the SSH console is O-K. I had some problems with copying in the output of my call to
cat ~/.ssh/id_rsa.pub locally (the string was all garbled when you copied from one window to another), so the guide below is an alternative hacky approach to adding your SSH key using pastebin as a text file host.
In your local machine's terminal, copy your public key:
$ cat ~/.ssh/id_rsa.pub [REDACTED]
Head over to https://pastebin.com/ and paste the public key and create a paste (setting the paste exposure setting to Unlisted). Once created, grab the raw paste URL which should look something like https://pastebin.com/raw/WxAis0hR
Head back over to the droplet web console and create a temporary txt file to store your SSH key:
root@mydroplet:~# touch blah.txt
cURL the raw paste text file, piping it to a file called
root@mydroplet:~# curl https://pastebin.com/raw/VW7uC43s > blah.txt
Append the contents of the text file
blah.txt preceded by a new line to your
root@mydroplet:~# cat <(echo) blah.txt >> ~/.ssh/authorized_keys
Remove the temporary text file:
root@mydroplet:~# rm blah.txt
Once this has been done, you should be able to log in to your droplet via SSH from your new machine:
$ ssh root@[DROPLETIP]