How DigitalOcean s new Droplet Console works

The new Droplet Console in DigitalOcean provides a secure and convenient way to connect to droplets through one-click SSH access. To ensure the security of each session, the console integrates the SSH protocol which supports end-to-end encryption. When creating a new console session, the Console UI generates a unique pair of SSH keys for every session, with the private key kept within the customer's browser and the public key securely distributed to the droplet. The connection is bridged by a proxy that ensures end-to-end encryption between the Console UI (i.e., the browser) and the target droplet. Dynamic SSH keys management on droplets is handled by the droplet-agent, which manages the installation of new keys and removal of expired ones.