How to configure SSH on your VPS

SSH (Secure Shell) is a protocol that allows you to securely connect to a remote server. For those of us running our own Virtual Private Servers (VPS), SSH is an essential tool.

Note: Substitute the following placeholders with your individual values:

When your VPS is first commissioned, you will likely be given root access. Root access is dangerous, and not recommended to be used in conjunction with SSH.

Create a new user (so we don’t have to use root)

useradd username
mkdir -p /home/username/.ssh
chmod 700 /home/username/.ssh

Create ssh PPK

Run this on the local machine (not the remote)

ssh-keygen -t rsa -b 4096 -f ~/.ssh/ppk_username_rsa

Append new ssh key to remote server

Run this on the local machine (not the remote)

cat ~/.ssh/ppk_username_rsa.pub | ssh root@example.com 'cat >> /home/username/.ssh/authorized_keys'

Run this on the remote

chmod 400 /home/username/.ssh/authorized_keys
chown username:username /home/username -R

Set a password for the new user

passwd username

Give new user sudo access

apt-get install sudo
adduser username sudo

Set shell for server user

chsh -s /bin/bash username

Test that the new user can ssh to the remote server and has sudo

ssh username@example.com
sudo apt-get update

Lock down ssh

nano /etc/ssh/sshd_config

Add these lines to the file, inserting the ip address from where you will be connecting:

PermitRootLogin no
PasswordAuthentication no
AllowUsers username

Now restart ssh:

service ssh restart

Exit root and ensure new user can access remote via ssh

exit

This command should fail:

ssh root@example.com

This command should succeed:

ssh username@example.com

Configure and enable firewall

sudo apt-get install ufw
sudo ufw allow 22
ufw enable

All done!

 

Posted on Mar 30, 2017 in Articles & How To | Tags: LinuxDebianSSH