DO Ideas 2

Display the SSH ID of a droplet on the droplet's admin web page.

Display the SSH ID of a droplet on its admin web page so that the ID
can be manually confirmed when ssh-ing in to the droplet for the
first time.

Having to accept a droplet's ID the first time one connects to the
droplet without confirming it leaves the whole droplet-creation
procedure open to a man-in-the-middle attack. This security hole
can be plugged by displaying a droplet's ssh ID on its page inside
the DigitalOcean website and then encouraging DigitalOcean users
to check the ID when they ssh in to the droplet for the first time.

  • Ross Williams
  • Sep 11 2018
  • Attach files
  • Ross Williams commented
    September 11, 2018 17:01

    For bonus points, put the ID on a separate droplet admin pages, and if the
    user selects the SSH option when creating a droplet and doesn't visit that
    page soon after droplet creation, then email the user and suggest that they
    confirm the droplet ID when ssh-ing into droplets for the first time.