In today's digital landscape, server security is paramount. Whether you're managing a personal blog or running a corporate application, protecting access to your virtual environment is essential. One of the most effective ways to ensure secure, encrypted communication between a client and a server is through SSH – Secure Shell.
This article explains what SSH is, why it's important for your VPS (Virtual Private Server), and how to configure it properly. We'll also explore additional steps like using a firewall, customizing access, and applying IPv6 rules.
What Is SSH (Secure Shell)?
Secure Shell is a specialized cryptographic protocol. It creates a secure environment for the interaction of a client with a server.
Unlike unencrypted protocols like Telnet or FTP, SSH encrypts all communications between your local machine and the remote server. This includes:
- Login credentials
- Commands and terminal output
- File transfers (via SFTP or SCP)
By default, SSH uses port 22, but for better security, this port can be changed — and should be, in most production environments.
Why SSH Is Essential for VPS Security
If you're using a VPS, especially one that handles sensitive data or multiple users, SSH access is crucial. It allows:
- Encrypted remote login
- File uploads and management
- Administrative control without physical access
- Safe automation scripts
Unsecured or improperly configured servers are common targets for bots and attackers. With a properly implemented SSH configuration, you reduce the risk of brute-force attacks and unauthorized access.
Installing SSH on Your Server
If SSH packages are not included in your server, it is necessary to install them.
Once downloaded, start the daemon. Make sure the SSHD status is active. Stop the daemon. Set up the OpenSSH Service to start running each time after the VPS server reboot. Make sure the SSH is configured properly. It will serve as an additional security level. To do so, disable root login. Change the number of the port for the SHH to run in a non-standard port. Provide access to particular users only.
Most Linux-based VPS servers (like Ubuntu, Debian, or CentOS) offer SSH by default. However, minimal installations or custom builds may require you to add it manually.
Installation Steps:
Install OpenSSH:
bash
sudo apt update && sudo apt install openssh-server
Install SSH Client (for local machine, if needed):
bash
sudo apt install openssh-client
Start the SSH daemon (sshd):
bash
sudo systemctl start ssh
Once downloaded, start the daemon. Make sure the SSHD status is active.
Enable SSH on reboot:
bash
sudo systemctl enable ssh
Initial SSH Configuration
Once your SSH service is running, it’s time to harden its configuration.
Make sure the SSH is configured properly. It will serve as an additional security level.
To do this, open the SSH configuration file:
bash
sudo nano /etc/ssh/sshd_config
Recommended Settings:
Disable root login:
nginx
PermitRootLogin no
Limit users:
nginx
AllowUsers yourusername
Change default port (e.g., 2222):
yaml
Port 2222
Disable root login. Change the number of the port for the SSH to run in a non-standard port. Provide access to particular users only.
Don’t Forget to Save and Restart
Don’t forget to save the modifications. After editing, save and exit the configuration file, then apply changes:
bash
sudo systemctl restart ssh
At this point, try reconnecting using the new port:
bash
ssh yourusername@yourip -p 2222
Enhancing Security with a Firewall
After that, install and configure a firewall. There are plenty of options available.
Firewalls help prevent unauthorized access to your server and limit the attack surface.
Popular Linux Firewalls:
- UFW (Uncomplicated Firewall) – beginner-friendly
- firewalld – default in CentOS/RHEL-based systems
- iptables – flexible but more complex
Just make sure that the firewall configurations are compatible with the installed SSH.
If you’re using UFW, allow your custom port:
bash
sudo ufw allow 2222/tcp
Enable the firewall:
bash
sudo ufw enable
Check status:
bash
sudo ufw status
IP Address Restrictions
If you want to secure your server more, you can restrict an IP address. For it, edit the file iptables.
Allow only specific IP addresses to access SSH:
bash
sudo iptables -A INPUT -p tcp -s YOUR.IP.ADDRESS --dport 2222 -j ACCEPT
Then block all other SSH connections:
bash
sudo iptables -A INPUT -p tcp --dport 2222 -j DROP
Configuring for IPv6 Support
Check whether you are going to use IPv6 and if yes, edit IP6tables to accept it.
To modify ip6tables, follow a similar process as with standard iptables. Make sure to accept SSH traffic on the desired port via IPv6 if you’re expecting dual-stack communication.
Example:
bash
sudo ip6tables -A INPUT -p tcp --dport 2222 -j ACCEPT
Apply and Save All Rules
Save the changes. Don’t forget to restart iptables. It will apply the modifications.
On Debian-based systems:
bash
sudo netfilter-persistent save
sudo systemctl restart netfilter-persistent
Or on Red Hat/CentOS:
bash
sudo service iptables save
sudo systemctl restart iptables
Final Thoughts
Securing your VPS server with SSH is a fundamental part of responsible server management. By installing, configuring, and properly maintaining your SSH access, you reduce vulnerabilities and ensure secure, stable access for yourself or your team.
Don’t stop at basic SSH setup — implement custom ports, user restrictions, and firewalls, and consider adding 2FA (two-factor authentication) or SSH key-based authentication for even greater security.
