SSD Grow

Secure SSH Connection to Your VPS Hosting | Best Practices

Once you have partitioned your new VPS Hosting(virtual private server), you will likely want to log in and start working. For this, Secure Shell (SSH) is the most commonly used option. This tutorial will cover the basics of SSH authentication, ways to make logging in easier, and some simple strategies to improve SSH authentication security.
Before you start, there are a few things you need:
A virtual private server running any of OS options
  • Your server’s IP address
  • Your login/password credentials
  • Your preferred SSH client
  • If you are not familiar with these terms or where to find them, don’t worry. Let’s go through them one by one:

    Your server’s IP address

    Your server’s IP address is similar to the address of your home or apartment. It tells your computer where your server is located on the internet. You can easily find your server’s IP address by logging into the SSD Grow dashboard, navigating to Services -> My services in the left-hand navigation, or by finding the appropriate server under My active servers. Click on the specific server you want to log into and look for the Primary IP heading.

    Primary IP xxx.xx.xx.xxx

    Your login/password credentials

  • If this is your first time logging in, you will be using the administrative account, also referred to as the Superuser. The Superuser account is typed in as “root”.
  • You can confirm that you are using the Superuser account by checking the “Primary IP” heading. Your default password can also be found here.
  • Username root
    Password xxxxxxxxxxxx

    Your preferred SSH client

    OpenSSH is the default SSH client for Linux and OS X computers, and it should already be installed. To get started, open a terminal using the ssh command.
    For Windows, we suggest using PuTTY, a free and open-source program. We recommend downloading the MSI installer to ensure you have all the necessary tools to perform more advanced techniques, such as key-based logins.

    The Basic Login (Linux/OS X)

    SSD Grow servers are accessible through SSH, so you don’t need to spend any time on setup—just launch your favourite terminal emulator (Linux/OS X) and call the ssh command using the root user and the IP address you found above:

    ssh root@IP_address

    You might get a warning the first time you try connecting to your server—simply put, your computer just doesn’t recognize the remote server. You can safely type yes here—you won’t see the warning again.
    From here, you’ll be asked for your password—remember that it’s case-sensitive! At this point, you should be logged in and ready to take the next steps with your VPS Hosting.

    The Putty-based Login

    If you’re using a Windows machine, we recommend PuTTY to log in to your VPS Hosting. If it’s your first time launching PuTTY, you’ll be prompted with a configuration screen. Use the following configurations:

    Host Name (or IP address): IP_address
    Port: 22
    Connection type: SSH

    Click Open to begin the connection. If this is your first time, you’ll see a short warning. You can accept the connection by clicking Yes.
    First, you’ll be prompted for a user account:

    login as:

    Enter root here. You’ll be prompted for your password.

    Using keyboard-interactive authentication.
    Password:

    Adding a New User

    Currently, you may access your server and execute all commands as the root user. This user has the authorization to modify every aspect of your server. While this is beneficial for administrative purposes, frequently logging in and navigating your VPS Hosting as a root user could compromise your server’s security.
    Therefore, creating a new user account specifically for administrative tasks is recommended. You can choose your preferred username to replace the default one.

    adduser username

    The command will ask you to input a password. We highly recommend a strong, secure password.

    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully

    You’ll also be asked to input some other information. The default option is fine, so just hit Enter for each of these and then type Y to confirm.

    Enter the new value, or press ENTER for the default
    Full Name []:
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
    Is the information correct? [Y/n]

    Add the new user to the sudo group.

    usermod -aG sudo username

    Before we can test out whether sudo access is working, we need to log into the user account.

    logout

    ssh username@remote_server

    Now, make sure your sudo access is working. One way of doing this is by listing the /root/ directory, which is only possible with sudo access. You’ll be asked for your user’s password to authenticate.

    sudo ls -la /root

    [sudo] password for username:

    Upgrading to Private Key Authentication

    SSH is an inherently secure method of connecting to remote servers. However, there are some additional steps you can take to further enhance the legitimacy of your connections. The easiest and best way to achieve this is by using SSH keys.
    SSH authentication involves a public key and a private key. While the public key can be shared freely on the internet, you should never share your private key with anyone or take it outside your local machine. By placing your public key on your VPS Hosting, you can match it up with your private key to log in. This significantly increases the security of your connection, as SSH keys are extremely difficult to attack through brute force.

    Create the SSH Keys

    First, create your keys on your local machine:

    ssh-keygen -t rsa

    You’ll be prompted with a request on where to save the newly-created files.

    Enter file in which to save the key (/home/username/.ssh/id_rsa):

    The best option here is to type Enter and place the keys in their default location. Next, you’ll be asked for a passphrase.

    Enter passphrase (empty for no passphrase):

    When it comes to securing your SSH key, there are advantages and disadvantages to using a passphrase. On one hand, a passphrase can provide an extra layer of security since even if someone gains access to your private key, they will still need to know your passphrase to use it. It’s almost like having two-factor authentication for SSH.
    However, using a strong passphrase means you’ll have to type it in every time you use your key. It’s important to consider all the factors for your particular application. If it’s a personal server, a weaker passphrase or no passphrase at all may be sufficient. But if you’re hosting user data, then security becomes a top priority.
    After you’ve made your decision, you’ll be prompted to enter your passphrase (if you choose to use one). Once you do, the program will create your keys and provide additional output. Your public key (which can be shared) will be located at /home/local-user/.ssh/id_rsa.pub, while your private key will be located at /home/local-user/.ssh/id_rsa.

    Copy The SSH Key to Your Server

    Now, you need to copy your public key to the VPS Hosting that you want to log into. The easiest way to do this is to use the ssh-copy-id program.

    ssh-copy-id username@remote_server

    If you don’t have that program available, you can also use the following command, which pipes the content of your public key file through SSH and appends the output to the end of the authorized_keys file on your server.

    cat ~/.ssh/id_rsa.pub | ssh username@remote_server "cat >> ~/.ssh/authorized_keys"

    You’ll see some output related to connecting to the server and copying your public key into the authorized_keys file on the VPS Hosting. Now you can try logging in with SSH again.

    ssh username@remote_server

    If you did not secure your SSH key with a passphrase, you’ll be immediately logged in. If you used a passphrase, SSH will ask for it. It’s important to remember that SSH is asking for your SSH key’s passphrase , not any of the user passwords you might have entered in earlier steps.

    Disable Password-based Logins

    Once you’ve ensured that you can log into your VPS Hosting with SSH keys, you can further improve security by disabling password-based logins for the root user and others. Log into your VPS Hosting if you’re not already.

    ssh username@remote_server

    Open up the SSH configuration file in your editor of choice. nano is a user-friendly option for those newer to Linux administration.

    sudo nano /etc/ssh/sshd_config

    You’re looking for two lines: one that begins with PermitRootLogin and another that begins with PasswordAuthentication. Change them to the following:

    PermitRootLogin no
    PasswordAuthentication no

    Finally, reload ssh to enable this change (for Ubuntu-based servers).

    sudo systemctl restart ssh

    Starting now, you will be able to log in to your VPS Hosting using your SSH key. Direct login to the root account will no longer be available. This change will enable you to access your VPS Hosting more securely and effortlessly via SSH authentication. With a bit of good fortune, everything should work smoothly.

    Conclusion

    In conclusion, establishing a secure SSH connection to your VPS is essential for safeguarding your data and system integrity. With the steps you’ve learned how to connect to your VPS securely and implement crucial security measures. Remember to regularly update your SSH configuration, use strong passwords or SSH keys, and monitor access logs for any suspicious activity. With these practices in place, you can confidently manage your VPS Hosting and protect it from unauthorized access and potential security threats.

    Related Articles

    This is a staging environment