Secure Shell (SSH) is one of the most essential tools for system administrators, developers, and IT professionals who manage remote servers. Whether you’re hosting a website, running applications, or deploying databases, SSH provides encrypted access to your server from anywhere in the world. However, if it’s not properly configured, SSH can also become a vulnerable entry point for cyberattacks.
In this comprehensive guide, we’ll explain how to configure and secure SSH access on VPS USA — ensuring maximum security, speed, and control over your virtual environment. We’ll also show how you can easily set up a reliable VPS from 99RDP to enjoy pre-optimized performance and security.
1. Understanding SSH and Why It Matters
SSH (Secure Shell) is a protocol that allows secure communication between your local computer and a remote server. It uses encryption and authentication to prevent unauthorized access and eavesdropping.
When you log into your VPS using SSH, your credentials and data are encrypted, unlike older protocols like Telnet, which transmit information in plain text.
Key benefits of SSH include:
-
Encrypted Communication: Protects sensitive credentials and commands.
-
Remote Administration: Allows you to manage your VPS from anywhere.
-
Port Forwarding and Tunneling: Helps secure connections between internal services.
-
File Transfer Support: Tools like
scpandsftpenable secure file uploads and downloads.
2. Connecting to Your VPS USA via SSH
Before securing SSH, let’s understand how to access your VPS initially.
Step 1: Gather Your VPS Credentials
After purchasing a VPS from 99RDP, you’ll receive an email containing:
-
The IP address of your VPS
-
The username (usually
rootoradmin) -
The password or private key (if key-based authentication is enabled)
Step 2: Use an SSH Client
Depending on your operating system:
-
Windows: Use a client like PuTTY or Windows Terminal
-
macOS/Linux: Use the built-in terminal
Example command:
ssh root@your_vps_ip
When prompted, enter the password provided. Once connected, you’ll have full command-line control over your VPS.
3. Changing the Default SSH Port
One of the easiest ways to reduce brute-force attacks is to change the default SSH port from 22 to another unused number.
How to Change the SSH Port:
-
Open the SSH configuration file:
nano /etc/ssh/sshd_config -
Find the line:
#Port 22 -
Uncomment and change it to something like:
Port 2025 -
Save the file (
Ctrl + O, thenCtrl + X). -
Restart the SSH service:
systemctl restart sshd -
Update your firewall to allow the new port:
ufw allow 2025/tcp
Now, you’ll connect using:
ssh -p 2025 root@your_vps_ip
4. Disabling Root Login for Better Security
The root account has full control over your server, making it a prime target for hackers. It’s safer to disable root SSH login and use a standard user with sudo privileges.
Steps:
-
Create a new user:
adduser username -
Add the user to the sudo group:
usermod -aG sudo username -
Edit SSH configuration:
nano /etc/ssh/sshd_config -
Find the line:
PermitRootLogin yesChange it to:
PermitRootLogin no -
Restart SSH:
systemctl restart sshd
Now you can log in using your new user account and escalate privileges with sudo when necessary.
5. Enabling SSH Key Authentication
Password authentication is convenient but not the most secure. SSH key-based authentication provides a much stronger layer of protection against brute-force attacks.
Steps to Set Up SSH Keys:
-
Generate SSH Keys on Your Local Machine:
ssh-keygen -t rsa -b 4096You can also use newer algorithms like ed25519:
ssh-keygen -t ed25519 -
Copy the Public Key to Your VPS:
ssh-copy-id username@your_vps_ip -
Verify the Key Works:
ssh username@your_vps_ip -
Disable Password Authentication:
Edit the SSH config file again:nano /etc/ssh/sshd_configSet:
PasswordAuthentication noThen restart SSH:
systemctl restart sshd
From now on, only systems with the private key can log in.
6. Limiting SSH Access with a Firewall
A firewall is critical to control which IPs can access your SSH port. On Ubuntu or Debian systems, UFW (Uncomplicated Firewall) is a simple tool to manage this.
Basic Setup:
ufw allow 2025/tcp
ufw enable
ufw status
Restrict SSH Access by IP:
ufw allow from your_ip_address to any port 2025
This ensures only your machine (or authorized IPs) can access SSH.
7. Using Fail2Ban to Block Malicious Attempts
Fail2Ban is a popular intrusion prevention software that blocks IPs showing malicious behavior (like repeated failed login attempts).
Installation:
apt install fail2ban -y
Configuration:
Copy the default configuration:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the file:
nano /etc/fail2ban/jail.local
Under [sshd], set:
enabled = true
port = 2025
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
Restart the service:
systemctl restart fail2ban
Now, any IP that fails to log in three times will be banned for one hour automatically.
8. Enabling Two-Factor Authentication (2FA) for SSH
For even greater security, you can use Google Authenticator or Authy to enable 2FA on your VPS SSH access.
Steps:
-
Install the Google Authenticator package:
apt install libpam-google-authenticator -y -
Run:
google-authenticatorThis will generate a QR code you can scan with your authenticator app.
-
Edit the PAM configuration file:
nano /etc/pam.d/sshdAdd this line:
auth required pam_google_authenticator.so -
Edit SSH configuration:
nano /etc/ssh/sshd_configSet:
ChallengeResponseAuthentication yesRestart SSH:
systemctl restart sshd
Now you’ll need your verification code from the authenticator app during login.
9. Regular SSH Maintenance Tips
Even with strong security, regular maintenance helps keep your VPS safe:
-
Update your system regularly:
apt update && apt upgrade -y -
Check login history:
last -a -
Review SSH logs:
tail -f /var/log/auth.log -
Use strong keys and passphrases for added safety.
10. Why Use VPS USA from 99RDP
If you’re setting up a new secure VPS environment, choosing a trusted VPS provider is as important as configuring SSH itself.
99RDP offers VPS USA plans with:
-
Full SSH access
-
DDoS protection
-
99.9% uptime
-
SSD/NVMe storage for faster performance
-
24/7 technical support
-
Flexible OS options (Linux, Windows, CentOS, Ubuntu, etc.)
With a VPS from 99RDP, you can configure SSH securely from day one while enjoying fast connections and strong infrastructure reliability across USA data centers.
Conclusion
Securing SSH access on your VPS USA is not just a recommendation — it’s a necessity. By following best practices like changing the default port, disabling root login, using SSH keys, and enabling Fail2Ban, you significantly reduce the risk of unauthorized access.
When paired with a high-performance and secure VPS provider like 99RDP, your SSH environment becomes even more robust, reliable, and efficient for remote server management.
Take the time to implement these steps today — your VPS security depends on it.

Comments
Post a Comment