As soon as your new virtual private server (VPS) is partitioned, you’ll probably want to log in and get started. Secure Shell, most commonly referred to as SSH, is your go-to option for logging into your server. In this tutorial, we’ll cover basic SSH authentication, followed by ways of making logging in easier. Finally, we’ll cover some easy-to-use strategies for improving the overall security of SSH authentication.
You need a few things to log into your server via SSH:
- A virtual private server running any of our OS options
- Your server’s IP address
- Your login/password credentials
- Your preferred SSH client
Finding the key information
You might not be familiar with all of the terms above, or where to find them. Let’s quickly walk through your IP address, username/password, and what an SSH client is.
Your server’s IP address
Your IP address is similar to the address to your home or apartment—it tells your computer “where” your server is on the internet.
Your login/password credentials
If this is your very first time logging in, you’ll be using the administrative account—also known as the Superuser—which is typed in as root.
Your preferred SSH client
On Linux and OS X computers, the default SSH client is OpenSSH, and should come pre-installed. There’s nothing more to install—you’re ready to go by opening a terminal using the ssh command.
On Windows, we recommend a free, open-source program called PuTTY. We recommend downloading the MSI installer to ensure you have all the necessary utilities to do more advanced techniques, like key-based logins.
The basic login (Linux/OS X)
By default, SSD Nodes servers are accessible through SSH, so you don’t need to spend any time on setup—just launch your favorite terminal emulator (Linux/OS X) and call the ssh command using the root user and the IP address you found above:
You might get a warning the first time you try connecting to your server—simply put, your computer just doesn’t recognize the remote server. You can safely type yes here—you won’t see the warning again.
From here, you’ll be asked for your password—remember that it’s case sensitive!
At this point, you should be logged in and ready to take the next steps with your VPS. If you need some advice about what you can do, check out our blog post “What is a Virtual Private Server, and What Can it Do?”
The Putty-based login
If you’re using a Windows machine, we recommend PuTTY to log in to your VPS. If it’s your first time launching PuTTY, you’ll be prompted with a configuration screen. Use the following configurations:
Host Name (or IP address): IP_address
Connection type: SSH
Click Open to begin the connection. If this is your first time, you’ll see a short warning. You can accept the connection by clicking Yes .
First, you’ll be prompted for a user account:
Enter root here. You’ll be prompted for your password.
Using keyboard-interactive authentication.
After this, you’ll be logged into a secure connection with your VPS.
If all you’re interested in is logging in to your VPS via SSH, you’ll be set at this point. Read on to learn more tips about how to create a non-root, sudo-enabled user, improve the security of your SSH connection, and more.
Adding a new user
Right now, you’re logging into your server and performing all commands as the root user. This user has permissions to change every aspect of your server. This is good for the sake of administration, but regularly logging in and navigating your VPS as root isn’t great for security.
Instead, you should add a new user for the purposes of logging in and doing administrative work. Replace username with your preferred username.
The command will ask you to input a password. We highly recommend a strong, secure password.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
You’ll also be asked to input some other information. The default option is fine, so just hit Enter for each of these and then type Y to confirm.
Enter the new value, or press ENTER for the default
Full Name :
Room Number :
Work Phone :
Home Phone :
Is the information correct? [Y/n]
Add the new user to the sudo group.
usermod -aG sudo remote-user
Before we can test out whether sudo access is working, we need to log into the user account.
Now, make sure your sudo access is working. One way of doing this is by listing the /root/ directory, which is only possible with sudo access. You’ll be asked for your user’s password to authenticate.
sudo ls -la /root
[sudo] password for username:
Upgrading to private key authentication
SSH is, inherently, a very secure method of connecting to remote servers, but there are some additional steps that you can take to further ensure the legitimacy of your connections. SSH keys are the easiest and best way to make this happen.
SSH authentication involves a public key and a private key—the public key can be freely shared around the internet, while your private key should never be shared with anyone or brought outside your local machine. By placing your public key on your VPS, you can match up the public key with your private key to log in. This dramatically increases the security of the connection—SSH keys are nearly impossible to attack via brute force.
Create the SSH keys
First, create your keys on your local machine:
ssh-keygen -t rsa
You’ll be prompted with a request on where to save the newly-created files.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
The best option here is to type Enter and place the keys in their default location. Next, you’ll be asked for a passphrase.
Enter passphrase (empty for no passphrase):
There are pros and cons to whether or not you choose to secure your SSH key with a passphrase. Passphrases offer increased security—even if a hacker gained access to your private key, they would also need to figure out your passphrase before they could use it against you. It’s almost like having two-factor authentication built into SSH.
The con of having a strong, secure passphrase is that you will be required to type it in every time you use your key. Consider all the variables for your application—if this is a personal server, no passphrase or a weaker passphrase may be sufficient. If your server is hosting user data, security is of much greater importance.
You’ll be asked to enter the passphrase again, no matter your choice. The program will then give some additional output, and will create your keys. The public key (the one you may share) is located at /home/local-user/.ssh/id_rsa.pub . The private key is located at /home/local-user/.ssh/id_rsa .
If you want to create SSH keys on Windows using PuTTY, check out this guide from Siteground .
Copy the SSH key to your server
Now, you need to copy your public key to the VPS that you want to log into. The easiest way to do this is to use the ssh-copy-id program.
If you don’t have that program available, you can also use the following command, which pipes the content of your public key file through SSH and appends the output to the end of the authorized_keys file on your server.
cat ~/.ssh/id_rsa.pub | ssh remote-user@remote_server "cat >> ~/.ssh/authorized_keys"
You’ll see some output related to connecting to the server and copying your public key into the authorized_keys file on the VPS. Now you can try logging in with SSH again.
If you did not secure your SSH key with a passphrase, you’ll be immediately logged in. If you used a passphrase, SSH will ask for it. It’s important to remember that SSH is asking for your SSH key’s passphrase , not any of the user passwords you might have entered in earlier steps.
Disable password-based logins
Once you’ve ensured that you can log into your VPS with SSH keys, you can further improve security by disabling password-based logins for the root user and others.
Log into your VPS if you’re not already.
Open up the SSH configuration file in your editor of choice. nano is a user-friendly option for those newer to Linux administration.
sudo nano /etc/ssh/sshd_config
You’re looking for two lines: one that begins with PermitRootLogin and another that begins with PasswordAuthentication . Change them to the following:
Finally, reload ssh to enable this change (for Ubuntu-based servers).
sudo systemctl restart ssh
Future logins will now be performed using your SSH key, and you won’t be able to directly log into the root account.