If you just bought your VPS and are ready to self host, this guide is for you. In my opinion, this is one of the most important security improvements that you can make on your VPS.
With this security trick, you stay protected even if someone figures out the password of your VPS.
How to create a SSH key
Before you do this security trick, you need an SSH key. Creating one is really simple, especially if you are using Linux. I will show you the basic steps to create an SSH key on Linux, Mac and Windows.
On Linux, you can open a terminal and use the following command:
After using it, hit enter three times. There is no need to put a passphrase.
Once this is done, you can see your SSH key at /home/youruser/.ssh or ~/.ssh
You will have two files, id_rsa and id_rsa.pub. They are the private key and the public key respectively. Make sure to keep both safe, as this will be your key to access the VPS.
On Mac, it's similar. Open an application called "Console" or "Terminal" and type:
After that, hit enter 3 times and your key will be in the home folder of the user, inside a folder that starts with a dot (.ssh).
On Windows, the process is again similar to the previous systems. I recommend using PowerShell, which you can find by searching in your programs. After opening PowerShell, type the following:
Hit enter 3 times as well and the SSH key will be available at C:\Users\YourUser\.ssh
Adding your SSH key inside the VPS
Now that you have your SSH key, you have to add it inside the VPS. Doing it is pretty simple, especially on Linux.
Make sure to replace user with the actual user that you will use and VPSIP with the actual IP of your VPS.
Windows may be a bit tricky. You will need to manually copy your SSH key inside the allowed list.
So the first thing is to copy your SSH public key on Windows. Inside PowerShell, run this command:
Get-Content ~\.ssh\id_rsa.pub | Set-Clipboard
You can also get it manually by opening the .ssh folder and copying the contents of id_rsa.pub.
Once you have copied your SSH public key, you will need to log in to the VPS and paste it into ~/.ssh/authorized_keys, the file that lists the keys allowed to log in.
To login at the VPS, just use PowerShell normally:
Then, once you are in, you can open the file in this way:
If you don't have nano, you can also use vi, vim or install nano.
Inside this file, just paste your ssh key. Make sure to put it in just one line. It should look like this:
After that, save the file (ctrl+O) in nano and you are done with this step. Try to log in using user@yourVPSIP and you should be happy to see that no password is required anymore.
On Mac, things will be similar to Linux, as ssh-copy-id should be installed by default.
You can just copy your key to the VPS.
And you should be all set. Make sure to test that you can log in to the VPS without a password.
Disabling password authentication
So now that you have your SSH key added to your VPS, you can safely disable password authentication.
To do so, log in to your VPS:
And now you can edit the sshd_config file:
Inside this file, use ctrl+W in nano to search for the line "UsePAM". After you find it, uncomment it if it is commented out and set it to no:
Now search for the line "PasswordAuthentication". Again, uncomment it if it is commented out and set it to no:
Now you can just restart the SSHD service:
systemctl restart sshd
Done! Your VPS is now protected against password brute-force attacks. It doesn't matter if you are still using the default SSH port (22) or if someone figures out your password. They can't log in unless they have your id_rsa file :)
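The edit above can fail silently when a line is left commented out or an earlier duplicate still says yes, because sshd uses the first value it obtains for each keyword. The script below is an added example, not part of the original guide: it reads only the global section of a single file (Include files and Match blocks are not followed), and the function names and sample configurations are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): show which value sshd would use
# for the two options this guide edits. Assumption: one file, global section.

# effective_option FILE KEYWORD -> lowercase value in effect, or "unset"
effective_option() {
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # trim; allow "Key=value"
    /^#/ || /^$/           { next }   # a commented-out line changes nothing
    tolower($1) == "match" { exit }   # global section ends at the first Match
    tolower($1) == want    { print tolower($2); found = 1; exit }  # first wins
    END { if (!found) print "unset" }
  ' "$1"
}

# audit FILE -> prints both options; returns 0 only when both are "no"
audit() {
  audit_rc=0
  for audit_key in UsePAM PasswordAuthentication; do
    audit_val=$(effective_option "$1" "$audit_key")
    printf '%-24s %s\n' "$audit_key" "$audit_val"
    [ "$audit_val" = "no" ] || audit_rc=1
  done
  return "$audit_rc"
}

# Constructed sample: "no" was added, but earlier lines still say "yes".
sample_misedited() {
  printf '%s\n' 'Port 22' '#UsePAM no' 'UsePAM yes' \
    'PasswordAuthentication yes' 'PasswordAuthentication no'
}

# Constructed sample: the state this guide aims for.
sample_hardened() {
  printf '%s\n' 'Port 22' 'UsePAM no' 'PasswordAuthentication no'
}

demo_dir=$(mktemp -d)
sample_misedited > "$demo_dir/bad.conf"
sample_hardened  > "$demo_dir/good.conf"
audit "$demo_dir/bad.conf"  || echo "-> password logins are still possible"
audit "$demo_dir/good.conf" && echo "-> both options are off"
rm -rf "$demo_dir"
```

On the VPS itself, sshd -T prints the configuration the daemon would actually run with, including any Include files, so it is the authoritative check before restarting.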
If you enjoyed this article, you can share it with your friends or subscribe to The Self Hosting Art to keep us motivated. Thank you for reading :)