SSH
To securely access your server, you will use an SSH connection.
Client Side
If you don't already have one, generate an SSH key pair on your client
ssh-keygen -t ed25519
Navigate to the SSH directory, and you should see both the public and private SSH keys
ls -l .ssh/
total 2
-rw-------. 1 user user size Mar 12 18:08 id_ed25519
-rw-r--r--. 1 user user size Mar 12 18:08 id_ed25519.pub
Add your public SSH key to the authorized_keys file on your VPS to enable secure SSH connections. If you do not perform this step you will be locked out and unable to connect to your VPS as it will be refused!
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@server_ip
If the import fails, ensure that the .ssh/ folder exists on your server under the newly created user. If it does not exist, create it by doing mkdir ~/.ssh
Server Side
Your public key will be now visible on your server by typing
cat ~.ssh/authorized_keys
For security purposes it is recommended to change the default port 22 to another one; let's say 2222. Check if the port is not already being used by another service
grep 2222 /etc/services
On your server machine, install the firewall
sudo apt-get install ufw
If the port is not already being used by another service, you can add it to your firewall
sudo ufw allow 2222/tcp
Enable the firewall
sudo ufw enable
Check firewall status to see if the port has been enabled
sudo ufw status
Open the SSH config file
sudo nano /etc/ssh/sshd_config
Set the following fields
# For security purposes we want to use a port number which is not the default one 22
Port 2222
# Better disable root login via SSH. If needed better to switch to root once
# connected with a normal user
PermitRootLogin no
# Authentication with public key is preferred
PubkeyAuthentication yes
# Better not to use password authentication
PasswordAuthentication no
Restart the service
sudo service sshd restart
Connect to your machine via SSH using the new port
ssh sentinel@machine_ip -p 2222