Beginner8 min readUpdated Mar 13, 2026

How to SSH into a Droplet on DigitalOcean

Q: Firewall blocking port 22

Ubuntu: ufw status, allow with ufw allow 22. CentOS: firewall-cmd --list-all. Ensure INPUT chain allows SSH; check cloud firewall too. Reboot Droplet if needed.[2]

Q: Connection refused

Confirm Droplet powered on in Control Panel. Restart SSH: systemctl start sshd or service ssh start. Verify service binds to port 22.[2]

Q: Incorrect IP or DNS issues

Double-check IPv4 in Control Panel. Use IP directly (ssh root@IP) instead of domain. ISP IP change? Update firewall rules.[2]

Q: SSH service not running

Check status: systemctl status sshd. Restart: systemctl restart sshd. Use Recovery Console for access.[2]

Quick Answer

Gather your Droplet's IP, username (root), and SSH keys or password from the DigitalOcean Control Panel. Use ssh root@your_droplet_ip in terminal to connect securely on port 22. Prefer SSH keys for passwordless, secure access; use Recovery Console if locked out.

Prerequisites

Access to DigitalOcean Control Panel at cloud.digitalocean.com
Your Droplet's IPv4 address from the Droplets page
Default username (usually root) or custom user
SSH client installed (OpenSSH on Linux/macOS, PuTTY on Windows)
SSH keys (recommended) or root password

Gather Droplet Information

Log in to the DigitalOcean Control Panel at cloud.digitalocean.com. Navigate to Droplets in the left sidebar, click your Droplet's name, and note the IPv4 address under the Networking or main overview section. Default username is root for most Droplets like Ubuntu or CentOS.[1][4]

Set Up Authentication (SSH Keys Recommended)

For security, use SSH keys: Add public keys via Account > Security > SSH keys before or after Droplet creation. Generate keys locally with ssh-keygen if needed (OpenSSH on Linux/macOS/WSL, PuTTY on Windows). Password authentication is an alternative but less secure; set during creation.[1][2]

Tip

SSH keys enable passwordless login and are strongly recommended over passwords.

Install SSH Client

Ensure an SSH client is ready: Linux/macOS have OpenSSH pre-installed (open Terminal with CTRL+ALT+T on Linux or Spotlight on macOS). Windows: Use OpenSSH in PowerShell or download PuTTY.[1][4]

Open Terminal and Run SSH Command

Launch your terminal: Linux (CTRL+ALT+T), macOS (Spotlight > Terminal), Windows (PowerShell). Run

ssh root@your_droplet_ip

replacing your_droplet_ip with the IPv4 (e.g., ssh root@203.0.113.0). Default port is 22; for non-root: ssh username@your_droplet_ip. Specify key if needed: ssh -i /path/to/private_key root@your_droplet_ip.[1][4]

Tip

Use ~/.ssh/id_ed25519 for common Ed25519 keys.

Verify Host Authenticity

On first connection, you'll see a prompt like:

The authenticity of host '203.0.113.0 (203.0.113.0)' can't be established.
ECDSA key fingerprint is SHA256:IcLk6dLi+0yTOB6d7x1GMgExamplewZ2BuMn5/I5Jvo.
Are you sure you want to continue connecting (yes/no)?

Type yes and press ENTER to add the host to known_hosts.[4]

Authenticate and Connect

SSH keys auto-connect (enter passphrase if set). For passwords, input the root password (invisible while typing). Success shows root@droplet-hostname:~# prompt with OS welcome.[1][4]

Tip

Type exit to disconnect.

Fix Host Key Conflicts

If IP reused: Run ssh-keygen -R your_droplet_ip to remove old entry, then reconnect.[4]

Alternative: Use DigitalOcean CLI (doctl)

Install doctl. Generate token at API > Tokens > Personal access tokens. Run doctl auth init (paste token). Connect with doctl compute ssh droplet-id-or-name (find ID/name in Droplets page).[1]

Tip

Great for scripting or no local SSH client.

Access via Recovery Console (No SSH)

If locked out: Go to Droplet > Access > Launch Recovery Console for browser-based access to reset password or fix issues.[1][5]

Verify SSH Service and Firewall

Once connected, ensure SSH runs: systemctl status ssh or service ssh status. Check port in grep Port /etc/ssh/sshd_config.[2]

Tip

Use this proactively after setup.

Troubleshooting

Permission denied (publickey/password)

Verify IP, username, password, or key path. On Droplet, check ~/.ssh/authorized_keys has 600 perms (chmod 600 ~/.ssh/authorized_keys), ~/.ssh has 700 (chmod 700 ~/.ssh). Reset password via Recovery Console.[5]

Firewall blocking port 22

Ubuntu: ufw status, allow with ufw allow 22. CentOS: firewall-cmd --list-all. Ensure INPUT chain allows SSH; check cloud firewall too. Reboot Droplet if needed.[2]

Connection refused

Confirm Droplet powered on in Control Panel. Restart SSH: systemctl start sshd or service ssh start. Verify service binds to port 22.[2]

Incorrect IP or DNS issues

Double-check IPv4 in Control Panel. Use IP directly (ssh root@IP) instead of domain. ISP IP change? Update firewall rules.[2]

SSH service not running

Check status: systemctl status sshd. Restart: systemctl restart sshd. Use Recovery Console for access.[2]

Related Guides

Ready to get started with DigitalOcean?

Put this tutorial into practice. Visit DigitalOcean and follow the steps above.

Visit DigitalOcean →

How to SSH into a Droplet on DigitalOcean

Quick Answer

Prerequisites

Gather Droplet Information

Set Up Authentication (SSH Keys Recommended)

Install SSH Client

Open Terminal and Run SSH Command

Verify Host Authenticity

Authenticate and Connect

Fix Host Key Conflicts

Alternative: Use DigitalOcean CLI (doctl)

Access via Recovery Console (No SSH)

Verify SSH Service and Firewall

Troubleshooting

Related Guides

More DigitalOcean Tutorials

How to create a Droplet

How to generate SSH keys

How to set up Cloud Firewall

How to configure production Droplet

Other Tool Tutorials

Hostinger Tutorials

Contabo Tutorials

Cloudways Tutorials

Ready to get started with DigitalOcean?