Now that we have a server, we need to connect to it and install a few things so we can run our web application. If you’re a Mac user, you’ll be doing this right through the terminal. If you’re a Windows user, you’ll be using PuTTY, which we installed in the last tutorial. In both cases it’s pretty straightforward.
We’re starting on Windows because PuTTY is slightly more complex. Mac users, bear with me, this will take about 45 seconds. Open your start menu, find PuTTY, and launch it. From there you’ll see a small window with a whole bunch of stuff. Don’t worry, you can ignore about 95% of it. We’re not even going to save our credentials right now.
Scroll down to the submenu under “Connection” in the left-hand side to “SSH” and expand it. Then click “Auth”. On the right side, at the bottom of the options, where it says “Private key file for authentication”, browse to your private key and select it. Remember: you’re not giving this key to anyone. It remains on your machine alone. This just allows PuTTY to check the public key, which the DigitalOcean droplet will send it, against your private one to make sure you’re you.
Once you’ve done that, scroll the left menu all the way back to the top and click “Session”. Then type the IP address of your droplet into the “Host Name (or IP address)” box. That’s all you need. You can now click the “Open” button down at the bottom to start your session. It’ll ask if you want to accept the server’s SSH credentials. Since it’s your server, I’d say it’s pretty trustworthy, so go ahead and accept them. Then when it asks who you’re logging in as, type “root” and then enter your SSH key passphrase when asked. Congrats, you’re now connected to your server.
We’ll cover saving credentials in PuTTY in a bit. There’s some stuff we need to do first. Mainly, we don’t want to be logging in as root, for security reasons, so it makes no sense to save those credentials right now.
OK, switching over to the Mac … Windows users, don’t skip this part. It contains stuff you’ll need to do.
Mac folks, here’s how you do this: open up a new terminal window, type
ssh root@[your server’s ip], and hit enter. That’s it. Make sure you add the root username, though, or you’ll get an SSH error and be unable to connect. If this is your first time connecting, you may be asked whether you want to trust this server (the answer is yes). Then you’ll be asked to enter your SSH key passphrase.
All right, we’re in. You can tool around your server as much as you’d like, I won’t stop you, but navigating between various directories gets pretty boring pretty quickly. With that in mind, let’s jump right to, you know … doing stuff. The first thing on our list of stuff to do is to create a new user. Logging in as root is generally not a good idea and should be saved for extreme emergencies. Instead, let’s create a new superuser login that has nearly all the powers of root, without being root.
So, this is easy … but also mildly tedious. Welcome to the wonderful world of the Unix command line!
[username] is, of course, whatever username you want to use. Please do not use [username] as your username! I’m going to go with “cwbuecheler” because that is the username I use basically everywhere. You won’t believe this, but it’s rarely taken …
Anyway, hit enter and you’ll be prompted to enter a password. This is not your SSH key passphrase. This is a password you’ll be using when you want to enable superuser privileges after logging in. Meaning it’s a brand new password, and you’re going to need to remember it. Act accordingly.
It’s going to ask you a bunch of information about names and home phone numbers … you can leave all of this blank (just hit enter for each question). It was probably deeply relevant when running a server meant twelve total people at a university somewhere connecting to a single DEC machine, but it’s really not anymore.
Once you’ve created your user, you need to make them super. Since we can’t have them bitten by a radioactive spider or expose them to cosmic rays or something something red sun of Krypton, run this command instead:
usermod -aG sudo [username]
Again, please use your actual username here.
That’s all it takes. Your new user is now created and given super access. You can switch to that user without even logging out, for now, by typing:
su - [username]
It’ll switch you over to the new account. Time to test out those sudo privileges! Type the following:
which will take you to the var directory. We’re going to store our website in /var/www, but that folder doesn’t exist yet, so type:
sudo mkdir www
It’ll ask you for the password you just established and, assuming you type it correctly, create the directory. You can then do:
To get a complete listing of folders and files with attributes, which show that the owner of
www is root, even though we created it with our new user. That’s the power of sudo.
Now, here’s the problem: you can’t log in with this user account right now, because it doesn’t have an associated SSH public key (the one you uploaded to DigitalOcean only gets associated with root). There are two options here. Generate a key for your new user and upload it, too, or copy the one associated with root. The latter’s easier, so let’s do that. Type the following:
sudo cp -r /root/.ssh /home/[username]
And then type:
sudo chown -R [username]:[username] /home/[username]/.ssh
[username] should be the username you just set up and are currently logged in as. So for example I would type:
sudo chown -R cwbuecheler:cwbuecheler .ssh
All set? Good. Now type
logout. You’ll see that returns you to root, so type
logout again to end the SSH session completely. Mac users, you can type the following to reconnect using your new user account:
ssh [username]@[your server’s ip]
PuTTY users, you can repeat the steps mentioned from before, but log in as your username instead of root. Yes, I know it’s annoying to have to load the SSH private key every time. So this time, when you have the key and the IP set up, instead of clicking “Open” to start the connection, do three more things:
- Click “Data” under “Connection” in the left menu, and put your username in the first box
- Click “Session” in the left menu and in the “Saved Sessions” box, type “DigitalOcean - [username]”
- Click “Save”
Now you’ll be able to select that session from the list of saved sessions any time you want to log in.
All right, you should now be logged in as your new superuser, without having had to log in as root first. Congrats! Tedious user management is now done, and we can get back to focusing on setup.