Sunday, October 19, 2025

How to Secure SSH Access on VPS USA

Secure Shell (SSH) is one of the most important components for managing your VPS USA. It allows users to securely connect to remote servers, execute commands, and manage files through an encrypted channel. However, SSH is also one of the most targeted services by hackers. If left unsecured, it can expose your VPS to brute-force attacks, unauthorized access, and data theft.

In this comprehensive guide, we’ll walk through effective methods to secure SSH access on your VPS USA and protect your system from potential threats. Whether you’re a system administrator, developer, or business owner using servers from 99RDP, these techniques will help ensure your VPS remains safe and resilient.



Why SSH Security Matters

SSH acts as the gateway to your VPS. Once an attacker gains access via SSH, they can control your system completely. This includes:

  • Installing malicious software

  • Accessing confidential files

  • Modifying configurations

  • Stealing credentials and data

In most cases, hackers use automated bots that scan thousands of IP addresses for open SSH ports and attempt brute-force attacks using common username and password combinations. Therefore, securing SSH isn’t optional — it’s essential.


Step 1: Use Strong and Unique Passwords

The simplest but often overlooked security measure is setting a strong password. Weak passwords like “admin123,” “root,” or “password” make it easy for attackers to guess your credentials.

Tips for Creating a Strong Password:

  • Use at least 12–16 characters

  • Include upper and lower case letters, numbers, and special symbols

  • Avoid dictionary words or personal information

  • Change passwords periodically

  • Use a password manager for securely storing credentials

For best results, consider disabling password authentication entirely and switching to SSH key-based authentication (discussed in the next step).


Step 2: Enable SSH Key Authentication

SSH keys are far more secure than passwords. They use a pair of cryptographic keys: a private key (stored on your local device) and a public key (stored on your VPS USA). When you log in, your client proves it holds the private key by signing a challenge, and the VPS checks that signature against the stored public key. The private key itself is never transmitted over the network.

How to Set Up SSH Key Authentication:

  1. Generate SSH Keys on your local machine:

    ssh-keygen -t rsa -b 4096
    

    You can also use Ed25519, a modern key type with shorter keys and strong security:

    ssh-keygen -t ed25519
    
  2. Copy the Public Key to Your VPS:

    ssh-copy-id user@your_vps_ip
    
  3. Disable Password Authentication for additional security:
    Open the SSH configuration file:

    sudo nano /etc/ssh/sshd_config
    

    Find and modify these lines:

    PasswordAuthentication no
    PubkeyAuthentication yes
    
  4. Restart SSH Service:

    sudo systemctl restart ssh
    

Once this setup is complete, only users with the private key can access the VPS.


Step 3: Change the Default SSH Port

By default, SSH runs on port 22, which is commonly targeted by bots and automated scanners. Changing this port makes it slightly harder for attackers to locate your SSH service.

To Change the SSH Port:

  1. Edit the SSH configuration file:

    sudo nano /etc/ssh/sshd_config
    
  2. Locate the line:

    #Port 22
    
  3. Uncomment it and change it to a new port, such as 2222 or 22022:

    Port 2222
    
  4. Restart SSH:

    sudo systemctl restart ssh
    
  5. Update your firewall to allow the new port:

    sudo ufw allow 2222/tcp
    

Note: Avoid using ports below 1024 and keep a record of your new SSH port for future connections.


Step 4: Disable Root Login

Allowing direct root access via SSH is risky. If an attacker compromises the root account, they gain unrestricted control over your VPS.

To Disable Root Login:

  1. Open SSH configuration:

    sudo nano /etc/ssh/sshd_config
    
  2. Find the line:

    PermitRootLogin yes
    
  3. Change it to:

    PermitRootLogin no
    
  4. Restart the SSH service:

    sudo systemctl restart ssh
    

Before you close your current session, create a separate non-root user with sudo privileges and confirm that it can log in over SSH. Use that account to perform administrative tasks securely from now on.
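One way to check the result of Steps 2 to 4, as an added example that is not part of the original guide: sshd uses the first value it reads for each keyword, so a PasswordAuthentication yes in a file included ahead of your edit still wins. The function name audit_sshd, the sample configuration and its drop-in layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit the sshd settings from Steps 2-4 of this guide.
# Input on stdin: `sudo sshd -T` output, or config files concatenated in the
# order sshd reads them. Only the global section (before any Match) is checked.
audit_sshd() {
    awk '
        BEGIN {
            n = split("passwordauthentication pubkeyauthentication permitrootlogin", keys, " ")
            want[keys[1]] = "no";  def[keys[1]] = "yes"                # upstream OpenSSH defaults
            want[keys[2]] = "yes"; def[keys[2]] = "yes"
            want[keys[3]] = "no";  def[keys[3]] = "prohibit-password"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }          # accept the "Keyword=value" form
        tolower($1) == "match" { exit }        # global section ends here
        {
            key = tolower($1); val = tolower($2)
            # sshd keeps the FIRST value it reads for a keyword; later ones are ignored
            if ((key in want) && !(key in got)) got[key] = val
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                key = keys[i]
                val = (key in got) ? got[key] : def[key]
                if (val != want[key]) {
                    print "FAIL " key "=" val " (guide wants " want[key] ")"
                    bad++
                }
            }
            exit (bad > 0)
        }
    '
}

# Constructed sample: a drop-in file read before the main file's own settings.
sample_config() {
    cat <<'EOF'
# constructed drop-in pulled in by an Include line at the top of sshd_config
PasswordAuthentication yes
# constructed main sshd_config, edited as in Steps 2-4
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

sample_config | audit_sshd || echo "sshd configuration does not match the guide"
```

On a live server, pipe the output of sudo sshd -T into the function to audit the effective values, and run sudo sshd -t to validate the file before restarting SSH.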


Step 5: Set Up a Firewall for SSH Protection

A firewall acts as a protective barrier between your VPS and the internet. It allows you to control incoming and outgoing traffic, ensuring only legitimate connections reach your SSH service.

Configure UFW (Uncomplicated Firewall):

  1. Enable UFW:

    sudo ufw enable
    
  2. Allow SSH on your chosen port:

    sudo ufw allow 2222/tcp
    
  3. Deny all other unnecessary ports:

    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    
  4. Check the status:

    sudo ufw status
    

This ensures that only authorized traffic can reach your VPS.


Step 6: Implement Fail2Ban for Brute-Force Protection

Fail2Ban automatically detects and blocks IP addresses that show malicious signs — such as multiple failed login attempts.

Install and Configure Fail2Ban:

    sudo apt install fail2ban

Create a local configuration file:

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the [sshd] section:

    [sshd]
    enabled = true
    port = 2222
    maxretry = 3
    bantime = 3600

Restart the service:

    sudo systemctl restart fail2ban

Now, Fail2Ban will block IPs that attempt too many failed logins, reducing brute-force attack risks.


Step 7: Restrict SSH Access by IP Address

If you connect to your VPS from a fixed IP (e.g., office or home), you can restrict SSH access to that specific IP.

Example using UFW:

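    sudo ufw allow from your_ip_address to any port 2222

Block all other IPs from accessing SSH by removing the open rule added earlier and denying the port for everyone else:

    sudo ufw delete allow 2222/tcp
    sudo ufw deny 2222/tcp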

This ensures that even if someone discovers your SSH port, they cannot connect unless from your whitelisted IP.


Step 8: Use Two-Factor Authentication (2FA) for SSH

Adding two-factor authentication (2FA) adds another layer of security by requiring a temporary verification code along with your SSH key.

To Enable 2FA:

  1. Install Google Authenticator PAM module:

    sudo apt install libpam-google-authenticator
    
  2. Run the setup:

    google-authenticator
    
  3. Answer the prompts and scan the QR code using an app like Google Authenticator or Authy.

  4. Edit the SSH PAM file:

    sudo nano /etc/pam.d/sshd
    

    Add this line:

    auth required pam_google_authenticator.so
    
  5. Enable 2FA in the SSH configuration:

    sudo nano /etc/ssh/sshd_config
    

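    Set the options below. On recent OpenSSH releases, ChallengeResponseAuthentication is a deprecated alias for KbdInteractiveAuthentication. The AuthenticationMethods line makes sshd ask for the verification code after the key check; without it, a successful key login skips the code:

    ChallengeResponseAuthentication yes
    AuthenticationMethods publickey,keyboard-interactive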
    
  6. Restart SSH:

    sudo systemctl restart ssh
    

Now, every SSH login will require a time-based OTP code — making your VPS USA nearly impossible to breach with brute-force attacks.


Step 9: Monitor SSH Logs Regularly

Keep an eye on your SSH logs to identify any suspicious activity. Monitoring helps you detect unauthorized attempts early and take action promptly.

View SSH logs:

    sudo grep sshd /var/log/auth.log

You can also integrate monitoring tools like Grafana and Prometheus (see 99RDP’s VPS Monitoring Guide) for visual analytics and automated alerts.
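A small log check to go with Steps 6 and 9, as an added example that is not part of the original guide: it counts failed password logins per source IP and lists the addresses that reach the maxretry value of 3 used above. It is a simplified count over the whole input, not Fail2Ban's own logic (there is no time window), and the function names and log lines are constructed for the illustration.

```shell
#!/bin/sh
# Added example: count failed SSH password logins per source IP in auth.log text
# and list the IPs at or above a threshold (default 3, the maxretry from Step 6).
ssh_failed_by_ip() {
    awk -v max="${1:-3}" '
        / sshd[^ ]*\[[0-9]+\]: Failed password for / {
            # The username is chosen by the client and may itself contain " from ",
            # so take the address after the LAST "from" on the line.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END {
            for (ip in count)
                if (count[ip] >= max + 0) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation address ranges, made-up host).
sample_auth_log() {
    cat <<'EOF'
Oct 19 10:00:01 vps sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Oct 19 10:00:03 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Oct 19 10:00:04 vps sshd[1207]: Failed password for invalid user x from 192.0.2.99 port 1 from 203.0.113.5 port 51240 ssh2
Oct 19 10:02:10 vps sshd[1300]: Failed password for deploy from 198.51.100.7 port 40022 ssh2
Oct 19 10:02:15 vps sshd[1300]: Failed password for deploy from 198.51.100.7 port 40022 ssh2
Oct 19 10:05:00 vps sshd[1400]: Accepted publickey for deploy from 192.0.2.10 port 50514 ssh2
Oct 19 10:06:00 vps sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

sample_auth_log | ssh_failed_by_ip 3
```

On the VPS, feed it the real log with sudo cat /var/log/auth.log piped into ssh_failed_by_ip.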


Step 10: Keep Your VPS and SSH Packages Updated

Security patches are released regularly to fix vulnerabilities. Keeping your VPS up-to-date ensures you’re protected against the latest threats.

Update your VPS:

    sudo apt update && sudo apt upgrade -y

For CentOS or RHEL:

    sudo yum update -y

Always restart your SSH service after major updates to ensure new configurations take effect.


Final Thoughts

Securing SSH access on your VPS USA is a critical step toward maintaining server integrity and data protection. By combining key-based authentication, port modifications, firewalls, and 2FA, you can significantly reduce the risk of unauthorized access.

If you’re managing multiple servers or need reliable, pre-secured VPS solutions, check out 99RDP. Their VPS USA hosting plans come with advanced security features, easy setup options, and 24/7 support — making it easier to protect your infrastructure from potential threats.

With the right configuration and consistent monitoring, you can enjoy peace of mind knowing that your SSH access is truly secure.


Reference:
For high-performance and secure VPS hosting solutions, visit 99RDP — your trusted partner for VPS, RDP, and dedicated server services.

