SSH
To securely access your server, you will use an SSH connection.
Client Side
If you don't already have one, generate an SSH key pair on your client
ssh-keygen -t ed25519
List the SSH directory; you should see both the public and private SSH keys
ls -l .ssh/
total 2
-rw-------. 1 user user size Mar 12 18:08 id_ed25519
-rw-r--r--. 1 user user size Mar 12 18:08 id_ed25519.pub
Add your public SSH key to the authorized_keys file on your VPS to enable secure SSH connections. If you skip this step, you will be locked out once password authentication is disabled below: the server will refuse your connection.
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@server_ip
Server Side
If importing the SSH key fails, check if the .ssh/ directory exists on your server. If it doesn't, create it along with the authorized_keys file by running the following commands:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
After that, run the ssh-copy-id command again from your client.
To verify that your public key has been added on your server, run:
cat ~/.ssh/authorized_keys
For security purposes it is recommended to change the default port 22 to another one, for example 2222. First check that the port is not already assigned to another service in /etc/services
grep 2222 /etc/services
On your server machine, install the firewall
sudo apt-get install ufw
If the port is not already being used by another service, you can add it to your firewall
sudo ufw allow 2222/tcp
Enable the firewall
sudo ufw enable
Check firewall status to see if the port has been enabled
sudo ufw status
Open the SSH config file
sudo nano /etc/ssh/sshd_config
Set the following fields
# For security purposes, use a port number other than the default 22
Port 2222
# Disable root login via SSH. If root is needed, switch to it after
# connecting as a normal user
PermitRootLogin no
# Public key authentication is preferred
PubkeyAuthentication yes
# Do not allow password authentication
PasswordAuthentication no
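A check for the settings above, as an added example that is not part of the original page: the script reads an sshd_config file and reports any of the four fields that differ from the values set here. It assumes OpenSSH's documented defaults when a keyword is unset, does not follow Include directives or Match blocks, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config file
# against the four settings above. Function names are hypothetical.

# config_values FILE KEYWORD DEFAULT
# Prints every value set for KEYWORD in the global section, in file order,
# or DEFAULT when it is unset. Keywords are matched case-insensitively.
config_values() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == "match" { exit }      # Match blocks are out of scope
        tolower($1) == key { print $2; found = 1 }
        END { if (!found) print def }
    ' "$1"
}

# sshd keeps the first value it reads for a keyword (Port is the exception:
# every Port line adds a listener).
first_value() { config_values "$@" | head -n 1; }

# audit_sshd_config FILE: prints one line per finding, returns 1 if any.
audit_sshd_config() {
    file=$1; rc=0
    root=$(first_value "$file" PermitRootLogin prohibit-password)
    pubkey=$(first_value "$file" PubkeyAuthentication yes)
    passwd=$(first_value "$file" PasswordAuthentication yes)
    if config_values "$file" Port 22 | grep -qx 22; then
        echo "FAIL sshd still listens on port 22"; rc=1
    fi
    [ "$root" = no ]    || { echo "FAIL PermitRootLogin is $root"; rc=1; }
    [ "$pubkey" = yes ] || { echo "FAIL PubkeyAuthentication is $pubkey"; rc=1; }
    [ "$passwd" = no ]  || { echo "FAIL PasswordAuthentication is $passwd"; rc=1; }
    return $rc
}

# Constructed sample: an earlier "yes" line shadows the later "no".
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' \
    'passwordauthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "config does not match the settings above"
rm -f "$sample"
```

Before restarting, `sudo sshd -t` checks the file for syntax errors; keep your current session open until a new connection on port 2222 succeeds.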
Restart the service
sudo service sshd restart
Connect to your machine via SSH using the new port
ssh sentinel@machine_ip -p 2222