Connect securely to your web server

Category: Security & SSL • Est. reading time: 2 minutes

If you manage your own server, how you connect to it matters. We do not recommend logging in directly as the root user, and on our shared hosting we disable that entirely. Here is the safer approach we teach: change your SSH port and log in with a key instead of a password.

Once your setup is done, connecting for everyday use looks like this: ssh -p <portnumber> user@yourserver.com

Step 1: Move SSH Off the Default Port

Bots hammer port 22 all day because it is the default. Moving to a different port cuts that noise dramatically.

  1. Connect to your server and switch to the root user.
  2. Open the SSH config: vi /etc/ssh/sshd_config
  3. Find the line #Port 22, remove the # and change 22 to a port number of your choice.
  4. Restart SSH: service sshd restart

Step 2: Create an SSH Key

A key pair is far stronger than a password. You keep the private half; the server holds the public half.

On Mac or Linux, open Terminal and run: ssh-keygen -t ed25519 -o -a 100. Your keys land in $HOME/.ssh/ as id_ed25519 (private) and id_ed25519.pub (public).

On Windows, download PuTTY and open PuTTYgen. Set the key type to ED25519, click Generate, and add a passphrase you will not forget. Save both the private and public keys somewhere safe. One important extra step on Windows: PuTTY saves the private key in its own format, so to get a key that works everywhere, go to the Conversions menu and choose Export OpenSSH Key. You need the private key to connect, so do not lose it.

Step 3: Put the Public Key on the Server

  1. Open your authorized keys file: vi /home/username/.ssh/authorized_keys
  2. Press i to enter edit mode.
  3. Paste your public key on a new line at the bottom.
  4. Press Esc, then type :wq to save and exit.

Step 4: Turn Off Password Logins (the step that locks it in)

Setting up a key does not help much on its own, because the server still accepts passwords until you tell it not to. This step is what actually enforces key-only access.

Do this first, before anything else: open a new terminal window and confirm you can log in with your key. Keep your current session open. If key login is not working and you disable passwords anyway, you can lock yourself out of your own server.

Once you have confirmed key login works:

  1. Open the SSH config again: vi /etc/ssh/sshd_config
  2. Set PasswordAuthentication no (this turns off password logins, so only your key works).
  3. Set PermitRootLogin no (this blocks anyone from logging straight in as root).
  4. Save and restart SSH: service sshd restart

Guard that private key. Anyone who has it can log into your server. Store it securely, protect it with a passphrase, and never email or share it.

Not comfortable hardening a server yourself? That is exactly what our managed and dedicated hosting handles for you. Reach us at support@allydrez.com or 1-321-209-2004.