How to make your VPS secure

If you are searching for a easy and fast way to make your VPS secure, this post is for you.

2 years ago   •   3 min read

By aquasp
Table of contents

Introduction

If you just bought your VPS and are ready to self host, this guide is for you. In my opinion, tihs is one of the most important security improvements that you can do at your VPS.

With this security trick, you are tricky even if someone figures out the password of your VPS.

How to create a SSH key

Before you do this security trick, you need a SSH key. To create one is really simple, specially if you are using Linux. I will show you the basic steps to create a SSH key on Linux, Mac and Windows.

Linux

On linux, you can open a terminal and use the following command

ssh-keygen -trsa

After using it, hit enter three times. There is no need to put a passphrase.

Once this is done, you can see your ssh key at /home/youruser/.ssh or ~/.ssh

You will have two files, id_rsa and ida_rsa.pub. They are the private key and the public key respectively. Make sure to keep both safe as this will be your key to access the VPS.

Mac

On Mac, it's similar. Open a software called "Console" or "Terminal" and type:

ssh-keygen -trsa

After that, hit enter 3 times and your key will be on the home folder of the user, inside a folder that starts with a dot (.ssh).

Windows

Again, this is similar to the previous systems. On Windows, I'do recommend using PowerSheel. You can search in your programs for it. After opening powershell, type the following

ssh-keygen.exe -trsa

Hit enter 3 times as well and the SSH key will be available at C:\Users\YourUser\.ssh

Adding your SSH key inside the VPS

Now that you have your SSH key, you have to add it inside the VPS. Doing it is pretty simple, specially for linux.

Make sure to replace user with the actual user that you will use and VPSIP with the actual IP of your vps.

Linux

ssh-copy-id user@VPSIP

Windows

Windows may be a bit tricky. You will need to manually copy your SSH key inside the allowed list.

So the first thing is to copy your SSH public key on Windows. Inside PowerShell, run this command:

Get-Content ~.ssh\id_rsa.pub | Set-Clipboard

You can also get it manually by going to the .ssh folder manually.

Once you have your SSH key, you will need to login at the VPS and paste your key at ~/.ssh/id_rsa.pub.

To login at the VPS, just use PowerShell normally:

ssh user@VPSIP

Then, once you are in, you can open the file in this way:

nano ~.ssh\id_rsa.pub

If you don't have nano, you can also use vi, vim or install nano.

Inside this file, just paste your ssh key. Make sure to put it in just one line. It should look like this:

Public SSH key

After that, save the file (ctrl +O) on nano and you are done on this step. Try to login using user@yourVPSIP and you should be happy to see that no password is required anymore.

Mac

For mac, things will be similar to linux as ssh-copy-id should be installed by default.

You can just copy your key to the VPS.

ssh-copy-id user@VPSIP

And you should be all set. Make sure to test to see if you can login on the VPS without a password.

Disabling password authentication

So now that you have your SSH key added to your VPS, you can safely disable authentication by passwords.

To do so, you can login at your VPS:

ssh user@VPSIP

And now you can edit the sshd_config file:

nano /etc/ssh/sshd_config

Inside this file, use ctrl+W on nano to search for the line "usePam". After you find it, make sure to uncomment if that is commented and set it to no:

Now search for the line "PasswordAuthentication". Uncomment it again if that is commented and set it to no:

Now you can just restart the SSHD service:

systemctl restart sshd

Done! You are fully protected against brute force attacks now. Doesn't matters if you are still using the default ssh port (22) or if someone figures out your password. They can't login until they have your id_rsa file :)

If you enjoyed this article, you can share it your friends or subscribe to The Self Hosting Art to keep us motivated. Thank you for reading :)

You can also help with Monero, Litecoin, Bitcoin or Nano: Monero:837X2SppmrrPkBbpsy9HQU1RFxKhsBcn6GdQv2wR5wGoiw8ctfh6Rt36xaszveZHysYA5KSDBr51y5YuQ3YCV23sJS9nhqW BTC:bc1qrvgz7dzzlfllulakw87vzvtf7s2u8t0sxpjehr Litecoin:ltc1qycz6ssg6xjxttuld6l6ulzqdr3y70rm8wv2g9p Nano:nano_1jmd6dg4dbem7f3wrojr7g45ioe6eb5et3iq11f8urfxe8qausxipup8bhua

Spread the word

Keep reading