Configuring a secure SSH-based connection to your VPS server

Introduction

SSH is a go-to method of connecting to remote servers, VPS or not. It is handy, multiplatform ( there are ssh clients even for mobile devices ), allows you to control the machine almost as if you were sitting in front of it and has a lot of useful features. However in the modern IT world a huge emphasis is put on security, so i am going to share a few details on how to secure your ssh access. You will create a pair of keys: private and public. Private is your secure key, that you should protect, keep safe and not share with anyone. It is used to identify you as a unique user. Public is a key, that can be distributed to remote server or service. It is a public part of the created key-pair, and identifies itself with a private key. So when you access a server or service with a private key, it's compared to public key, stored on that remote machine and if they match, you are allowed to access.

Prerequisites

You'll need:

1) CentOS 7.4 VPS server

2) Basic knowledge how to edit files in Linux systems

3) Linux or Windows host machine, from which you access the VPS server.

Generating a ssh key pair on your host machines

If your system, from which you access VPS, is Linux ( Fedora 25 system was used, as a typical home/workplace Linux system):

1) run ssh-keygen and follow on-screen instructions

ssh-keygen

You will be prompted to enter a key storage location ( you may leave it as is ). ssh-keygen will also request you to enter the password to protect the key. While key can be left passwordless, as it is sometimes useful for specific configurations ( automated systems, without a user input ) it is recommended to protect your key with a password, so even if key pair is compromised, your key solely will not allow attacker to reach VPS server. Remember the password. If you forget it, there is no way to restore access to your key. ssh-keygen on Linux

2) Backup your keys on a secure, safe storage

3) run cat /home/vpsuser/.ssh/id_rsa.pub ( replace path with the one, you have actually used ) and copy the key. linux ssh key

4) You need to put a copied key as a new string into

`/root/.ssh/authorized_keys`

on your VPS server. It should look like this authorized keys Notice that each key starts as a separate string. 5) To connect from linux machine to your VPS server through ssh, you just need to run

ssh -i /home/vpsuser/.ssh/id_rsa.pub root@<your server ip>

ssh connection from Linux

If your system, from which you access VPS, is Windows ( Windows 10 was used, as a typical home/workplace Windows system): 1) Run puttygen tool, that comes out of the box with a putty installation. If you system lacks puttygen, or you use a portable version of putty binary, download 32bit or 64 bit binary from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html[1] puttygen 2) Press "generate" and it will ask you to move mouse on the empty area to generate random data, and will provide you an ssh key pair. filledputtygen 2.1) Enter password to "Key passphraze" and confirmation fields. Remember the password. 2.2) Copy the contents of the "public key for pasting into Openssh authorized_keys file:" 2.3) Save public and private key to a secure, safe storage

3) Copy's the contents of the "public key for pasting into Openssh authorized_keys file:" windows in puttygen 4) Go back to your VPS server. We need to add the public part of the key pair, we have just created to the list of authorized keys. Put a copied key as a new string into

/root/.ssh/authorized_keys

On your VPS server. It should look like this authorized keys Notice that each key starts as a separate string. 5) Test connection to your VPS server 5.1) Open putty and go to Connection - SSH - Auth in the left panel. 5.2) Open you private key file by pressing Browse near the Private key for authentication field private key 5.3) Go back to Session in the left panel of putty, enter your server hostname or ip with a login name ( optional, as putty will prompt for it anyway ) and press Open. putty open 5.4) Putty will prompt for key password at it's screen, and if entered correctly, forward you to your VPS server console putty VPS login

Securing your SSH server

Now you can safely login to your VPS server from both Linux and Windows machine. At this moment you should disable access with password to your machine, so all bruteforce attempts are useless. Your system will simply not accept any incoming ssh connection without an authorized ssh key. Open on your VPS server

/etc/sshd/sshd_config

and change PasswordAuthentication yes string to PasswordAuthentication no restart sshd daemon

systemctl restart sshd

and check that it has no problems

systemstl status sshd

sshd status

Conclusion

Securing your ssh connection with ssh key pair, and forbidding login with a password is considered a basic security measure. It protects your server from a lot of attacks, that are based on bruteforce and alphabetical password search. Always protect your VPS server at least with basic measures so you can sleep better :)

[1]: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Related Tutorials

Enabling sudo for your user on Ubuntu 17.04 and CentOS 7.4
Using SFTP protocol to access file on your VPS with Filezilla client
Install WHM/Cpanel on Centos 7
cPanel Server Security Tips and Tutorial
Common SSH Commands