First Login on Digital Ocean with FreeBSD

Although I’m a longtime Linode and (Slackware) Linux user, I finally decided to get around to trying Digital Ocean with a FreeBSD droplet.  The process was not as easy as advertised, but I was finally able to login!  That took some doing.

After creating the droplet and domain records, I decided to go with the SSH login (vs. having a temporary root password emailed to me).

First you create SSH keys.  On OSX, I went to ~/.ssh directory, and did the following:

ssh-keygen -t rsa

Copy it to the clipboard:

pbcopy < ~/.ssh/id_rsa.pub

The important thing to note here is that your SSH key must be added to the DO dashboard **before** you create the droplet.

The id_rsa file must have the following permissions set:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa

Otherwise, when you attempt to login to DO, you’ll be greeted (as I was) with a screen that looks like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/Users/myusername/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible
by others.
This private key will be ignored.
bad permissions: ignore key: /Users/myusername/.ssh/id_rsa

Setting correct permissions will also help avoid popups requesting a password for the id_rsa key on OSX.

Then, just login as the freebsd user. This is a superuser which has the SSH authentication tied to it.

ssh freebsd@yourIP

And you’re good to go!

References:
How to Configure SSH Key-based Authentication on a FreeBSD Server (comments are most relevant)
Password Dialog Appears When SSH Private Key Permissions are Set to 600

This entry was posted in remote.config and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *