Connecting to your VPS with SSH and improving security

A picture of network cabling

As soon as your new virtual private server (VPS) is partitioned, you’ll probably want to log in and get started. Secure Shell, most commonly referred to as SSH, is your go-to option for logging into your server. In this tutorial, we’ll cover basic SSH authentication, followed by ways of making logging in easier. Finally, we’ll cover some easy-to-use strategies for improving the overall security of SSH authentication.

The prerequisites

You need a few things to log into your server via SSH:

  • A virtual private server running any of our OS options
  • Your server’s IP address
  • Your login/password credentials
  • Your preferred SSH client

Finding the key information

You might not be familiar with all of the terms above, or where to find them. Let’s quickly walk through your IP address, username/password, and what an SSH client is.

Your server’s IP address

Your IP address is similar to the address to your home or apartment—it tells your computer “where” your server is on the internet. Your server’s IP address can be easily discovered by logging into the SSD Nodes dashboard and clicking on Services -> My services in the left-hand navigation or finding the appropriate server under My active servers. Click on the specific server you want to log into. Look for the Primary IP heading.

Primary IP   xxx.xx.xx.xxx

Your login/password credentials

If this is your very first time logging in, you’ll be using the administrative account—also known as the Superuser—which is typed in as root.

This can be confirmed just beneath the Primary IP heading—you’ll also find your default password here.

Username    root
Password    xxxxxxxxxxxx

Your preferred SSH client

On Linux and OS X computers, the default SSH client is OpenSSH, and should come pre-installed. There’s nothing more to install—you’re ready to go by opening a terminal using the ssh command.

On Windows, we recommend a free, open-source program called PuTTY. We recommend downloading the MSI installer to ensure you have all the necessary utilities to do more advanced techniques, like key-based logins.

The basic login (Linux/OS X)

By default, SSD Nodes servers are accessible through SSH, so you don’t need to spend any time on setup—just launch your favorite terminal emulator (Linux/OS X) and call the ssh command using the root user and the IP address you found above:

ssh [email protected]_address

You might get a warning the first time you try connecting to your server—simply put, your computer just doesn’t recognize the remote server. You can safely type yes here—you won’t see the warning again.

From here, you’ll be asked for your password—remember that it’s case sensitive!

At this point, you should be logged in and ready to take the next steps with your VPS. If you need some advice about what you can do, check out our blog post “What is a Virtual Private Server, and What Can it Do?”

The Putty-based login

If you’re using a Windows machine, we recommend PuTTY to log in to your VPS. If it’s your first time launching PuTTY, you’ll be prompted with a configuration screen. Use the following configurations:

Host Name (or IP address): IP_address
Port: 22
Connection type: SSH

Click Open to begin the connection. If this is your first time, you’ll see a short warning. You can accept the connection by clicking Yes .

First, you’ll be prompted for a user account:

login as:

Enter root here. You’ll be prompted for your password.

Using keyboard-interactive authentication.
Password:

After this, you’ll be logged into a secure connection with your VPS.

If all you’re interested in is logging in to your VPS via SSH, you’ll be set at this point. Read on to learn more tips about how to create a non-root, sudo-enabled user, improve the security of your SSH connection, and more.


Adding a new user

Right now, you’re logging into your server and performing all commands as the root user. This user has permissions to change every aspect of your server. This is good for the sake of administration, but regularly logging in and navigating your VPS as root isn’t great for security.

Instead, you should add a new user for the purposes of logging in and doing administrative work. Replace username with your preferred username.

adduser remote-user

The command will ask you to input a password. We highly recommend a strong, secure password.

Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

You’ll also be asked to input some other information. The default option is fine, so just hit Enter for each of these and then type Y to confirm.

Enter the new value, or press ENTER for the default
    Full Name []: 
    Room Number []: 
    Work Phone []: 
    Home Phone []: 
    Other []:
Is the information correct? [Y/n] 

Add the new user to the sudo group.

usermod -aG sudo remote-user

Before we can test out whether sudo access is working, we need to log into the user account.

logout
ssh [email protected]_server

Now, make sure your sudo access is working. One way of doing this is by listing the /root/ directory, which is only possible with sudo access. You’ll be asked for your user’s password to authenticate.

sudo ls -la /root
[sudo] password for username:

Upgrading to private key authentication

SSH is, inherently, a very secure method of connecting to remote servers, but there are some additional steps that you can take to further ensure the legitimacy of your connections. SSH keys are the easiest and best way to make this happen.

SSH authentication involves a public key and a private key—the public key can be freely shared around the internet, while your private key should never be shared with anyone or brought outside your local machine. By placing your public key on your VPS, you can match up the public key with your private key to log in. This dramatically increases the security of the connection—SSH keys are nearly impossible to attack via brute force.

Create the SSH keys

First, create your keys on your local machine:

ssh-keygen -t rsa

You’ll be prompted with a request on where to save the newly-created files.

Enter file in which to save the key (/home/username/.ssh/id_rsa):

The best option here is to type Enter and place the keys in their default location. Next, you’ll be asked for a passphrase.

Enter passphrase (empty for no passphrase):

There are pros and cons to whether or not you choose to secure your SSH key with a passphrase. Passphrases offer increased security—even if a hacker gained access to your private key, they would also need to figure out your passphrase before they could use it against you. It’s almost like having two-factor authentication built into SSH.

The con of having a strong, secure passphrase is that you will be required to type it in every time you use your key. Consider all the variables for your application—if this is a personal server, no passphrase or a weaker passphrase may be sufficient. If your server is hosting user data, security is of much greater importance.

You’ll be asked to enter the passphrase again, no matter your choice. The program will then give some additional output, and will create your keys. The public key (the one you may share) is located at /home/local-user/.ssh/id_rsa.pub . The private key is located at /home/local-user/.ssh/id_rsa .

If you want to create SSH keys on Windows using PuTTY, check out this guide from Siteground .

Copy the SSH key to your server

Now, you need to copy your public key to the VPS that you want to log into. The easiest way to do this is to use the ssh-copy-id program.

ssh-copy-id [email protected]_server

If you don’t have that program available, you can also use the following command, which pipes the content of your public key file through SSH and appends the output to the end of the authorized_keys file on your server.

cat ~/.ssh/id_rsa.pub | ssh [email protected]_server "cat >> ~/.ssh/authorized_keys"

You’ll see some output related to connecting to the server and copying your public key into the authorized_keys file on the VPS. Now you can try logging in with SSH again.

ssh [email protected]_server

If you did not secure your SSH key with a passphrase, you’ll be immediately logged in. If you used a passphrase, SSH will ask for it. It’s important to remember that SSH is asking for your SSH key’s passphrase , not any of the user passwords you might have entered in earlier steps.

Disable password-based logins

Once you’ve ensured that you can log into your VPS with SSH keys, you can further improve security by disabling password-based logins for the root user and others.

Log into your VPS if you’re not already.

ssh [email protected]_server

Open up the SSH configuration file in your editor of choice. nano is a user-friendly option for those newer to Linux administration.

sudo nano /etc/ssh/sshd_config

You’re looking for two lines: one that begins with PermitRootLogin and another that begins with PasswordAuthentication . Change them to the following:

PermitRootLogin no
PasswordAuthentication no

Finally, reload ssh to enable this change (for Ubuntu-based servers).

sudo systemctl restart ssh

Future logins will now be performed using your SSH key, and you won’t be able to directly log into the root account.

 

With any luck, all goes well and you’ll now be able to access your VPS easily and securely via SSH authentication.

10X faster VPS

Get started for just $1!

The 10X Cloud from SSD Nodes is powered by NVMe drives. Faster page loads, more responsive apps, reduced bounces, and faster depolyments.

Try it today for $1.

Get started now