D DigitalOcean

How to SSH into a Droplet on DigitalOcean

beginner 8 min read Updated 2026-03-13
Quick Answer

Gather your Droplet's IP, username (root), and SSH keys or password from the DigitalOcean Control Panel. Use <code>ssh root@your_droplet_ip</code> in terminal to connect securely on port 22. Prefer SSH keys for passwordless, secure access; use Recovery Console if locked out.

Prerequisites

  • Access to DigitalOcean Control Panel at cloud.digitalocean.com
  • Your Droplet's IPv4 address from the Droplets page
  • Default username (usually root) or custom user
  • SSH client installed (OpenSSH on Linux/macOS, PuTTY on Windows)
  • SSH keys (recommended) or root password

Step-by-Step Instructions

1

Gather Droplet Information

Log in to the DigitalOcean Control Panel at cloud.digitalocean.com. Navigate to Droplets in the left sidebar, click your Droplet's name, and note the IPv4 address under the Networking or main overview section. Default username is root for most Droplets like Ubuntu or CentOS.[1][4]
2

Set Up Authentication (SSH Keys Recommended)

For security, use SSH keys: Add public keys via Account > Security > SSH keys before or after Droplet creation. Generate keys locally with ssh-keygen if needed (OpenSSH on Linux/macOS/WSL, PuTTY on Windows). Password authentication is an alternative but less secure; set during creation.[1][2]
SSH keys enable passwordless login and are strongly recommended over passwords.
3

Install SSH Client

Ensure an SSH client is ready: Linux/macOS have OpenSSH pre-installed (open Terminal with CTRL+ALT+T on Linux or Spotlight on macOS). Windows: Use OpenSSH in PowerShell or download PuTTY.[1][4]
4

Open Terminal and Run SSH Command

Launch your terminal: Linux (CTRL+ALT+T), macOS (Spotlight > Terminal), Windows (PowerShell). Run 
ssh root@your_droplet_ip
replacing your_droplet_ip with the IPv4 (e.g., ssh root@203.0.113.0). Default port is 22; for non-root: ssh username@your_droplet_ip. Specify key if needed: ssh -i /path/to/private_key root@your_droplet_ip.[1][4]
Use <code>~/.ssh/id_ed25519</code> for common Ed25519 keys.
5

Verify Host Authenticity

On first connection, you'll see a prompt like: 
The authenticity of host '203.0.113.0 (203.0.113.0)' can't be established.
ECDSA key fingerprint is SHA256:IcLk6dLi+0yTOB6d7x1GMgExamplewZ2BuMn5/I5Jvo.
Are you sure you want to continue connecting (yes/no)?
Type yes and press ENTER to add the host to known_hosts.[4]
6

Authenticate and Connect

SSH keys auto-connect (enter passphrase if set). For passwords, input the root password (invisible while typing). Success shows root@droplet-hostname:~# prompt with OS welcome.[1][4]
Type <code>exit</code> to disconnect.
7

Fix Host Key Conflicts

If IP reused: Run ssh-keygen -R your_droplet_ip to remove old entry, then reconnect.[4]
8

Alternative: Use DigitalOcean CLI (doctl)

Install doctl. Generate token at API > Tokens > Personal access tokens. Run doctl auth init (paste token). Connect with doctl compute ssh droplet-id-or-name (find ID/name in Droplets page).[1]
Great for scripting or no local SSH client.
9

Access via Recovery Console (No SSH)

If locked out: Go to Droplet > Access > Launch Recovery Console for browser-based access to reset password or fix issues.[1][5]
10

Verify SSH Service and Firewall

Once connected, ensure SSH runs: systemctl status ssh or service ssh status. Check port in grep Port /etc/ssh/sshd_config.[2]
Use this proactively after setup.

Common Issues & Troubleshooting

Permission denied (publickey/password)

Verify IP, username, password, or key path. On Droplet, check <code>~/.ssh/authorized_keys</code> has 600 perms (<code>chmod 600 ~/.ssh/authorized_keys</code>), <code>~/.ssh</code> has 700 (<code>chmod 700 ~/.ssh</code>). Reset password via Recovery Console.[5]

Firewall blocking port 22

Ubuntu: <code>ufw status</code>, allow with <code>ufw allow 22</code>. CentOS: <code>firewall-cmd --list-all</code>. Ensure INPUT chain allows SSH; check cloud firewall too. Reboot Droplet if needed.[2]

Connection refused

Confirm Droplet powered on in Control Panel. Restart SSH: <code>systemctl start sshd</code> or <code>service ssh start</code>. Verify service binds to port 22.[2]

Incorrect IP or DNS issues

Double-check IPv4 in Control Panel. Use IP directly (<code>ssh root@IP</code>) instead of domain. ISP IP change? Update firewall rules.[2]

SSH service not running

Check status: <code>systemctl status sshd</code>. Restart: <code>systemctl restart sshd</code>. Use Recovery Console for access.[2]

Limited Time

Affiliate link. We may earn a commission at no extra cost to you.

Visit DigitalOcean View DigitalOcean Pricing