Setting up SSH (Secure Shell) for your Virtual Private Server (VPS) is a crucial step in ensuring secure and efficient remote access.
The major security risk of password-based login is that the password can be easily brute-forced by attackers, especially if it is weak.
Instead, I prefer to add an SSH key and disable password-based login to enhance security.
SSH keys provide a secure and efficient method for connecting to your virtual private server without passwords, using a pair of cryptographic keys: a public key, which resides on the server, and a private key, which resides on your local machine.
Here's a quick guide to configuring SSH for your VPS:
1. Initial SSH Setup
When you first access your VPS, you'll typically use a default username (like root) and password. It's important to change this immediately to enhance security.
ssh root@your-vps-ip
passwd
After logging in, create a new user with sudo privileges:
adduser aakash
usermod -aG sudo aakash
2. Setting Up SSH Key Authentication
If you are using Linux or macOS, open your terminal and run the following command to generate an SSH key pair:
ssh-keygen -t ed25519
Note: Ed25519 is a modern, recommended key type; you can also use ssh-keygen -t rsa -b 4096 for RSA keys.
When prompted, press Enter to accept the default file location and optionally set a passphrase for added security. Setting a passphrase is highly recommended.
Once done, your public key will be stored in ~/.ssh/id_ed25519.pub and your private key in ~/.ssh/id_ed25519.
3. Uploading Your Public Key to the VPS
First, connect to your VPS using your password:
ssh root@your-vps-ip
Then you need to create the .ssh directory in your new user's home directory and set the correct permissions:
mkdir -p /home/aakash/.ssh
chmod 700 /home/aakash/.ssh
Open or create the authorized_keys file in the .ssh directory and add your public key:
nano /home/aakash/.ssh/authorized_keys
Paste the contents of your public key file (~/.ssh/id_ed25519.pub) into this file and save it. Then set the correct permissions:
chmod 600 /home/aakash/.ssh/authorized_keys
chown -R aakash:aakash /home/aakash/.ssh
Alternatively, instead of editing the file by hand, you can run the following command from your local machine to copy the public key directly:
ssh-copy-id aakash@your-vps-ip
4. Disabling Password Authentication
To enhance security, it's advisable to disable password authentication entirely. You can edit the SSH configuration file on your VPS:
nano /etc/ssh/sshd_config
Find the following lines and modify them as shown:
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
After making these changes, save the file and restart the SSH service to apply the new settings:
systemctl restart sshd
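Added example (not from the original post): sshd applies the first value it reads for each keyword, so a duplicate line earlier in sshd_config or a file pulled in by an Include directive can override the edits above. The function below checks the effective settings printed by sshd -T; the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the settings sshd will actually apply after step 4.
# Reads `sshd -T` output (one "keyword value" pair per line) on stdin.
check_sshd_hardening() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["permitrootlogin"] = "no"
            want["pubkeyauthentication"] = "yes"
            bad = 0
        }
        { key = tolower($1) }
        (key in want) && !(key in seen) {
            seen[key] = 1
            if (tolower($2) != want[key]) {
                printf "FAIL %s is %s, expected %s\n", key, $2, want[key]
                bad = 1
            }
        }
        END {
            for (k in want)
                if (!(k in seen)) { printf "FAIL %s not reported\n", k; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample: effective config where a value read before the
# edited lines still enables password logins.
sample_overridden() {
    printf '%s\n' 'port 22' 'permitrootlogin no' \
        'pubkeyauthentication yes' 'passwordauthentication yes'
}

# Constructed sample: effective config matching step 4.
sample_hardened() {
    printf '%s\n' 'port 22' 'permitrootlogin no' \
        'pubkeyauthentication yes' 'passwordauthentication no'
}

# Demo on the constructed samples; on the VPS run instead:
#   sudo sshd -T | check_sshd_hardening
if sample_hardened | check_sshd_hardening; then echo "hardened sample: OK"; fi
if ! sample_overridden | check_sshd_hardening; then echo "overridden sample: rejected"; fi
```

Keep your current session open until the check passes and a key-based login works from a second terminal.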
5. Testing Your SSH Configuration
Now, try to connect to your VPS using your new user and SSH key:
ssh aakash@your-vps-ip
If everything is set up correctly, you should be able to log in without being prompted for the account password (you will still be asked for your key's passphrase if you set one).
Thanks for reading!