VPS SSH Hardening Guide

Complete procedure for transitioning from passwords to secure SSH keys.

Security Status: Hardened

Generate SSH Key Pair

On your local computer (e.g., in MobaXterm MobaKeyGen), generate an RSA 2048-bit key. Set a passphrase for maximum security.

Important: Save your .ppk private key file in a safe location. Never share it.

Prepare the hidden directory and paste your OpenSSH formatted public key string.

mkdir -p ~/.ssh && chmod 700 ~/.ssh

nano ~/.ssh/authorized_keys

Paste the ssh-rsa ... string on a single line, then save and exit (Ctrl+O, Enter, Ctrl+X).

chmod 600 ~/.ssh/authorized_keys

Tell the SSH daemon to stop listening to password attempts entirely.

sudo nano /etc/ssh/sshd_config

Ensure these values are set exactly as shown (uncommented):

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Apply the changes by restarting the service:

sudo systemctl restart ssh

Do not close your terminal until you confirm these two things:

✅ Connect from a New MobaXterm tab using your Private Key.
✅ Try to connect from standard CMD without a key; it should say Permission denied (publickey).