{"id":2903,"date":"2024-10-02T00:00:00","date_gmt":"2024-10-02T00:00:00","guid":{"rendered":"http:\/\/ssdnodes.billabailey.com\/2017\/03\/06\/tutorial-setting-up-and-securing-ssh-based-authentication\/"},"modified":"2024-11-16T23:00:46","modified_gmt":"2024-11-16T23:00:46","slug":"connecting-vps-ssh-security","status":"publish","type":"post","link":"https:\/\/www.ssdnodes.com\/blog\/connecting-vps-ssh-security\/","title":{"rendered":"Connecting to Your VPS with SSH and Improving SSH Safety"},"content":{"rendered":"<p><span style=\"font-family: inherit; background-color: transparent;\">Looking for a detailed guide on how to connect to your VPS with SSH and improve SSH safety for your server? This article has everything you need to know.<\/span><\/p>\n<h2><span style=\"font-family: inherit; background-color: transparent;\">Introduction<\/span><\/h2>\n<p><span style=\"font-family: inherit; background-color: transparent;\">As soon as you buy a new virtual private server (VPS) with one of our irresistible <a href=\"https:\/\/www.ssdnodes.com\/cheap-vps-hosting\/\">deals<\/a>, you\u2019ll probably want to log in and get started.<\/span><\/p>\n<p>Secure Shell, most commonly referred to as <em>SSH<\/em>, is your go-to option for logging into your server.<\/p>\n<p>In this tutorial, we'll cover basic SSH authentication, followed by ways of making logging in easier. Finally, we'll cover some<span style=\"font-family: inherit; background-color: transparent;\"> easy-to-use strategies for improving the overall SSH Safety of your VPS.<br \/>\n<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9173\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/vps-ssh.webp\" alt=\"vps ssh\" width=\"600\" height=\"400\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/vps-ssh.webp 768w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/vps-ssh-300x200.webp 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<h2 id=\"the-prerequisites\">Connecting to Your VPS with SSH - Prerequisites<\/h2>\n<p>You need a few things to log into your VPS server via SSH:<\/p>\n<ul>\n<li>A virtual private server running any of <a href=\"https:\/\/www.ssdnodes.com\/\">our OS options<\/a><\/li>\n<li>Your server\u2019s IP address<\/li>\n<li>Your login\/password credentials<\/li>\n<li>Your preferred SSH client<\/li>\n<\/ul>\n<div class=\"cta-inline\"><\/div>\n<h2 id=\"your-servers-ip-address\">Step 1 - Finding Your VPS IP Address for SSH<\/h2>\n<p>You might not be familiar with all of the terms above, or where to find them. Let's quickly walk through your IP address, username\/password, and what an SSH client is.<\/p>\n<p>Your IP address is similar to the address to your home or apartment\u2014it tells your computer \"where\" your server is on the internet. Your server's IP address can be easily discovered by logging into the <a href=\"https:\/\/ssdnodes.com\/manage\/clientarea.php\" target=\"_blank\" rel=\"noopener noreferrer\">SSD Nodes dashboard<\/a> and clicking on <em><strong>Services<\/strong><\/em> or finding the appropriate active server by clicking<strong><em> Active<\/em><\/strong>\u00a0under <strong>View<\/strong> in the left-hand navigation. Click on the specific server you want to log into. Then look for the <code>IPv4<\/code> or <code>IPv6<\/code> headings:<\/p>\n<p><code class=\"hljs css\">IPv4   <span class=\"hljs-selector-tag\">xxx<\/span><span class=\"hljs-selector-class\">.xx<\/span><span class=\"hljs-selector-class\">.xx<\/span><span class=\"hljs-selector-class\">.xxx<\/span><\/code><\/p>\n<p><code class=\"hljs css\">IPv6   <span class=\"hljs-selector-tag\">xxx:<\/span><span class=\"hljs-selector-class\">xx:<\/span><span class=\"hljs-selector-class\">xx:<\/span><span class=\"hljs-selector-class\">xx:xxx:xx:x<\/span><\/code><\/p>\n<h3>IPv4 vs IPv6<\/h3>\n<p>IPv4 addresses are 32-bit binary numbers, allowing for approximately 4.3 billion unique addresses. However, with the proliferation of internet-connected devices, IPv4 address exhaustion has become a significant concern due to the limited address space. IPv6 addresses, on the other hand, are 128 bits long, providing an astronomically larger pool of unique addresses.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9174\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ip-addresses.webp\" alt=\"vps ssh ip addresses\" width=\"600\" height=\"151\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ip-addresses.webp 1000w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ip-addresses-300x76.webp 300w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ip-addresses-768x194.webp 768w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<h3>What Port is SSH Using?<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9178\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-port.webp\" alt=\"what port is ssh?\" width=\"500\" height=\"333\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-port.webp 768w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-port-300x200.webp 300w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><br \/>\nSSH, by default, uses port 22 for communication, acting like a specific door through which computers talk securely to each other over the internet. But it can be changed to any other available port. This flexibility allows users to enhance security by using non-standard ports.<\/p>\n<h2>Step 2 - Your VPS SSH Login Credentials<\/h2>\n<p>If this is your very first time logging in, you\u2019ll be using the administrative account\u2014also known as the Superuser\u2014which is typed in as <code>root<\/code>.<\/p>\n<p>This can be confirmed just beneath the <code>IPv4<\/code> or<code>IPv6<\/code> headings\u2014you\u2019ll also find your default password here.<\/p>\n<pre><code class=\"hljs nginx\"><span class=\"hljs-attribute\">Username<\/span>    root\r\nPassword    xxxxxxxxxxxx\r\n<\/code><\/pre>\n<h2 id=\"your-preferred-ssh-client\">Step 3 - Choose Your Preferred SSH Client<\/h2>\n<p>On Linux and OS X computers, the default SSH client is OpenSSH, and should come pre-installed. There\u2019s nothing more to install\u2014you\u2019re ready to go by opening a terminal using the <code>ssh<\/code> command.<\/p>\n<p>On Windows, we recommend a free, open-source program called <a href=\"https:\/\/putty.org\/\" target=\"_blank\" rel=\"noopener\">PuTTY<\/a>. We recommend downloading the MSI installer to ensure you have all the necessary utilities to do more advanced techniques, like key-based logins.<\/p>\n<h2 id=\"the-basic-login-linuxos-x\">Step 4 - Basic VPS SSH Login<\/h2>\n<p>By default, SSD Nodes servers are accessible through SSH, so you don\u2019t need to spend any time on setup\u2014just launch your favorite terminal emulator (Linux\/OS X) and call the <code> ssh <\/code> command using the root user and the IP address you found above:<\/p>\n<pre><code class=\"language-bash hljs\">ssh root@IP_address\r\n<\/code><\/pre>\n<p>You might get a warning the first time you try connecting to your server\u2014simply put, your computer just doesn\u2019t recognize the remote server. You can safely type <code> yes <\/code> here\u2014you won\u2019t see the warning again.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9175\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-warning.webp\" alt=\"vps ssh warning\" width=\"600\" height=\"139\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-warning.webp 1000w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-warning-300x69.webp 300w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-warning-768x177.webp 768w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>From here, you\u2019ll be asked for your password\u2014remember that it\u2019s case sensitive!<\/p>\n<p>At this point, you should be logged in and ready to take the next steps with your VPS and self host some awesome applications. If you need some advice about what you can do, check out our blog post <a href=\"https:\/\/www.ssdnodes.com\/blog\/what-is-self-hosting\/\">What is Self-hosting?<\/a><\/p>\n<h3>The Putty-based Login<\/h3>\n<p>If you\u2019re using a Windows machine, we recommend PuTTY to log in to your VPS. If it\u2019s your first time launching PuTTY, you\u2019ll be prompted with a configuration screen. Use the following configurations:<\/p>\n<pre><code class=\"hljs bash\">Host Name (or IP address): IP_address\r\nPort: 22\r\nConnection <span class=\"hljs-built_in\">type<\/span>: SSH\r\n<\/code><\/pre>\n<p>Click <code> Open <\/code> to begin the connection. If this is your first time, you\u2019ll see a short warning. You can accept the connection by clicking <code> Yes <\/code> .<\/p>\n<p>First, you\u2019ll be prompted for a user account:<\/p>\n<pre><code class=\"hljs cs\">login <span class=\"hljs-keyword\">as<\/span>:\r\n<\/code><\/pre>\n<p>Enter <code> root <\/code> here. You\u2019ll be prompted for your password.<\/p>\n<pre><code class=\"hljs makefile\">Using keyboard-interactive authentication.\r\n<span class=\"hljs-section\">Password:<\/span>\r\n<\/code><\/pre>\n<p>After this, you\u2019ll be logged into a secure connection with your VPS.<\/p>\n<p>If all you're interested in is logging in to your VPS via SSH, you'll be set at this point. Read on to learn more tips about how to create a non-root, sudo-enabled user, improve the security and safety of your SSH connection, and more.<\/p>\n<hr \/>\n<h2 id=\"adding-a-new-user\">Step 5 - Adding a New User<\/h2>\n<p>Right now, you\u2019re logging into your server and performing all commands as the root user. This user has permissions to change every aspect of your server. This is good for the sake of administration, but regularly logging in and navigating your VPS as root isn\u2019t great for security and SSH safety.<\/p>\n<p>Instead, you should add a new user for the purposes of logging in and doing administrative work. Replace <code> <mark>username<\/mark> <\/code> with your preferred username.<\/p>\n<pre><code class=\"language-bash hljs\">adduser <mark>username<\/mark>\r\n<\/code><\/pre>\n<p>The command will ask you to input a password. We highly recommend a strong, secure password.<\/p>\n<pre><code class=\"language-bash hljs\">Enter new UNIX password: \r\nRetype new UNIX password: \r\npasswd: password updated successfully\r\n<\/code><\/pre>\n<p>You\u2019ll also be asked to input some other information. The default option is fine, so just hit <code> Enter <\/code> for each of these and then type <code> Y <\/code> to confirm.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9177\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-new-user.webp\" alt=\"vps ssh new user\" width=\"600\" height=\"173\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-new-user.webp 1000w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-new-user-300x87.webp 300w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-new-user-768x222.webp 768w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Add the new user to the <code> sudo <\/code> group.<\/p>\n<pre><code class=\"language-bash hljs\">usermod <span class=\"hljs-_\">-a<\/span>G sudo <mark>username<\/mark>\r\n<\/code><\/pre>\n<p>Before we can test out whether sudo access is working, we need to log into the user account.<\/p>\n<pre><code class=\"language-bash hljs\"><span class=\"hljs-built_in\">logout<\/span>\r\nssh <mark>username<\/mark>@remote_server\r\n<\/code><\/pre>\n<p>Now, make sure your sudo access is working. One way of doing this is by listing the <code> \/root\/ <\/code> directory, which is only possible with sudo access. You\u2019ll be asked for your user\u2019s password to authenticate.<\/p>\n<pre><code class=\"language-bash hljs\">sudo ls -la \/root\r\n[sudo] password <span class=\"hljs-keyword\">for<\/span> username:\r\n<\/code><\/pre>\n<h2 id=\"upgrading-to-private-key-authentication\">Step 6 - SSH Safety on Your VPS<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-9179\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-safety.webp\" alt=\"SSH Safety\" width=\"500\" height=\"333\" srcset=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-safety.webp 768w, https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2023\/01\/ssh-safety-300x200.webp 300w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><br \/>\nSSH safety is extremely important, and while SSH , by default, is a very secure method of connecting to remote servers, there are however some additional steps that you can take to further ensure the legitimacy of your connections.<\/p>\n<h3>Private SSH Authentication with SSH Keys<\/h3>\n<p><strong>SSH keys<\/strong> are the easiest and best way to add additional security layers to your SSH connections.<\/p>\n<p>SSH authentication involves a public key and a private key\u2014the public key can be freely shared around the internet, while your private key should never be shared with anyone or brought outside your local machine. By placing your public key on your VPS, you can match up the public key with your private key to log in. This dramatically increases the security and safety of the connection\u2014SSH keys are nearly impossible to attack via brute force.<\/p>\n<h3 id=\"create-the-ssh-keys\">Create the SSH Keys<\/h3>\n<p>First, create your keys on your local machine:<\/p>\n<pre><code class=\"language-bash hljs\">ssh-keygen -t rsa\r\n<\/code><\/pre>\n<p>You\u2019ll be prompted with a request on where to save the newly-created files.<\/p>\n<pre><code class=\"language-bash hljs\">Enter file <span class=\"hljs-keyword\">in<\/span> <span class=\"hljs-built_in\">which<\/span> to save the key (\/home\/username\/.ssh\/id_rsa):\r\n<\/code><\/pre>\n<p>The best option here is to type <code> Enter <\/code> and place the keys in their default location. Next, you\u2019ll be asked for a passphrase.<\/p>\n<pre><code class=\"language-bash hljs\">Enter passphrase (empty <span class=\"hljs-keyword\">for<\/span> no passphrase):\r\n<\/code><\/pre>\n<p>There are pros and cons to whether or not you choose to secure your SSH key with a passphrase. Passphrases offer increased security\u2014even if a hacker gained access to your private key, they would also need to figure out your passphrase before they could use it against you. It\u2019s almost like having two-factor authentication built into SSH.<\/p>\n<p>The con of having a strong, secure passphrase is that you will be required to type it in every time you use your key. Consider all the variables for your application\u2014if this is a personal server, no passphrase or a weaker passphrase may be sufficient. If your server is hosting user data, safety is of much greater importance.<\/p>\n<p>You\u2019ll be asked to enter the passphrase again, no matter your choice. The program will then give some additional output, and will create your keys. The public key (the one you may share) is located at <code> \/home\/local-user\/.ssh\/id_rsa.pub <\/code> . The private key is located at <code> \/home\/local-user\/.ssh\/id_rsa <\/code> .<\/p>\n<p>If you want to create SSH keys on Windows using PuTTY, check out <a href=\"https:\/\/www.ssh.com\/academy\/ssh\/putty\/windows\/puttygen\" target=\"_blank\" rel=\"noopener\"> this guide <\/a>.<\/p>\n<h3 id=\"copy-the-ssh-key-to-your-server\">Copy the SSH Key to Your Server<\/h3>\n<p>Now, you need to copy your public key to the VPS that you want to log into. The easiest way to do this is to use the <code> ssh-copy-id <\/code> program.<\/p>\n<pre><code class=\"language-bash hljs\">ssh-copy-id <mark>username<\/mark>@remote_server\r\n<\/code><\/pre>\n<p>If you don\u2019t have that program available, you can also use the following command, which pipes the content of your public key file through SSH and appends the output to the end of the <code> authorized_keys <\/code> file on your server.<\/p>\n<pre><code class=\"language-bash hljs\">cat ~\/.ssh\/id_rsa.pub | ssh <mark>username<\/mark>@remote_server <span class=\"hljs-string\">\"cat &gt;&gt; ~\/.ssh\/authorized_keys\"<\/span>\r\n<\/code><\/pre>\n<p>You\u2019ll see some output related to connecting to the server and copying your public key into the <code> authorized_keys <\/code> file on the VPS. Now you can try logging in with SSH again.<\/p>\n<pre><code class=\"language-bash hljs\">ssh <mark>username<\/mark>@remote_server\r\n<\/code><\/pre>\n<p>If you did not secure your SSH key with a passphrase, you\u2019ll be immediately logged in. If you used a passphrase, SSH will ask for it. It\u2019s important to remember that SSH is asking for your SSH key\u2019s <em> passphrase <\/em> , not any of the user passwords you might have entered in earlier steps.<\/p>\n<h3 id=\"disable-password-based-logins\">Disable Password-based Logins<\/h3>\n<p>Once you\u2019ve ensured that you can log into your VPS with SSH keys, you can further improve SSH safety by disabling password-based logins for the root user and others.<\/p>\n<p>Log into your VPS if you\u2019re not already.<\/p>\n<pre><code class=\"language-bash hljs\">ssh <mark>username<\/mark>@remote_server\r\n<\/code><\/pre>\n<p>Open up the SSH configuration file in your editor of choice. <code> nano <\/code> is a user-friendly option for those newer to Linux administration.<\/p>\n<pre><code class=\"language-bash hljs\">sudo nano \/etc\/ssh\/sshd_config\r\n<\/code><\/pre>\n<p>You\u2019re looking for two lines: one that begins with <code> PermitRootLogin <\/code> and another that begins with <code> PasswordAuthentication <\/code> . Change them to the following:<\/p>\n<pre><code class=\"hljs nginx\"><span class=\"hljs-attribute\">PermitRootLogin<\/span> <span class=\"hljs-literal\">no<\/span>\r\nPasswordAuthentication <span class=\"hljs-literal\">no<\/span>\r\n<\/code><\/pre>\n<p>Finally, reload <code> ssh <\/code> to enable this change (for Ubuntu-based servers).<\/p>\n<pre><code class=\"language-bash hljs\">sudo systemctl restart ssh\r\n<\/code><\/pre>\n<p>Future logins will now be performed using your SSH key, and you won\u2019t be able to directly log into the root account.<\/p>\n<p>With any luck, all goes well and you\u2019ll now be able to access your VPS easily and securely via SSH authentication.<\/p>\n<p>Next, you can install the LAMP stack on your server, by following our <a href=\"https:\/\/www.ssdnodes.com\/blog\/installing-lamp-on-ubuntu-22-04-lts-jammy-jellyfish\/\">Installing LAMP<\/a> guide. You can also install LEMP with our <a href=\"https:\/\/www.ssdnodes.com\/blog\/installing-lemp-on-ubuntu-22-04-lts-jammy-jellyfish\/\">LEMP tutorial<\/a>, or even WordPress by going through <a href=\"https:\/\/www.ssdnodes.com\/blog\/how-to-install-wordpress-with-lemp-and-mariadb-on-ubuntu\/\">How to Install WordPress with LEMP and MariaDB on Ubuntu 24.04<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As soon as your new virtual private server (VPS) is partitioned, you\u2019ll probably want to log in and get started. SSH is your answer.<\/p>\n","protected":false},"author":19,"featured_media":8876,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[18,30],"tags":[],"class_list":["post-2903","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","category-tutorials"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/2903","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/comments?post=2903"}],"version-history":[{"count":19,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/2903\/revisions"}],"predecessor-version":[{"id":11154,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/2903\/revisions\/11154"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media\/8876"}],"wp:attachment":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media?parent=2903"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/categories?post=2903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/tags?post=2903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}