DigitalOcean Droplets are Linux-based virtual machines (VMs) that run on top of virtualized hardware. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.
After you create an SSH key pair, you can upload your public key to your DigitalOcean account to make it easier to add your keys to your Droplets. It’s safe to freely share your SSH public key because it cannot be used to re-create the private key. It can only be used to validate the user who holds the associated private key.
To add an SSH public key to your DigitalOcean account, log in to the control panel. In the Account section of the main menu, click Settings, then click the Security tab at the top of the page.
This brings you to the account security settings page. In the SSH keys section, click Add SSH Key.
Next, copy your public key and paste it into the SSH key content field.
Can’t find your keys? By default, your key files are saved to the hidden SSH folder in your home directory, and your public key ends in
.pub. On Linux, your public key is typically
/home/your_username/.ssh/id_rsa.pub, and on macOS and Windows, it’s typically
If you generated your key pair with PuTTYgen on Windows, you need to use PuTTYgen to view the public key in the appropriate format.
In the second field, enter a name for the key. You’ll use this name to identify this key in the DigitalOcean Control Panel. We recommend using the name of the machine you copied the public key from.
Click the Add SSH Key button when you are finished. The key is displayed on the Security page. You can use a key’s More menu to edit the key information or delete it entirely:
When you create Droplets, you can automatically embed this key by selecting it in the Add your SSH keys section of the Droplet create page.
Now, instead of using a set root password, you will use your private key to sign in to your Droplet. If you set a password on the key itself when you created it, you will be prompted for the key’s password. If not, you’ll connect with no additional authentication.