Table of Contents
Securing SSH is one of the most important steps to protect your VPS. Root login allows attackers to target the most powerful account on your server, and password-based authentication is vulnerable to brute force attacks. Using SSH keys instead of passwords,
Step 1: Create a New User
Using a non-root user is safer for daily server management.Creates a new user for secure SSH access.
adduser username
Step 2: Grant Sudo Privileges
Your new user needs administrative rights to perform system tasks.Allows the user to run commands with sudo.
usermod -aG sudo username
Step 3: Generate SSH Keys
SSH keys provide a secure, passwordless way to access the server.Generates a public and private SSH key pair.
ssh-keygen -t rsa -b 4096
Step 4: Copy the Public Key to the Server
Copy your public key to the server to enable key-based authentication.Uploads your SSH key to the server for secure login.
ssh-copy-id username@server_ip
Step 5: Disable Root Login
Edit the SSH configuration file to block root access.Prevents direct root SSH login.
sudo nano /etc/ssh/sshd_config
Set the following:
PermitRootLogin no
Step 6: Disable Password Authentication
To ensure only SSH keys are used, disable password login.Blocks login using passwords.
PasswordAuthentication no
Step 7: Restart SSH
After making configuration changes, restart the SSH service to apply them.Applies the new SSH settings.
sudo systemctl restart ssh
Step 8: Test SSH Login
Before closing your session, test that your new user can log in with SSH keys.Verifies key-based authentication works.
ssh username@server_ip
Step 9: Enable a Firewall
Limit SSH access and protect your server from unauthorized connections.Enables the firewall and allows SSH traffic only.
sudo ufw allow 22/tcp
Activates the firewall to protect the server:
sudo ufw enable
