If you are using a Linux VPS, you are connecting to it via SSH protocol. But if you have created a new user and you want to allow SSH access for that user, you will have to complete some simple steps.

On the other hand, if you have just created your own server but you don’t have SSH enabled, it will be also easy to do.

  1. If SSH is not installed on your system, install openssh-server. In Ubuntu, type this command (with a non-root user with “sudo” permissions):
    sudo apt install openssh-server -y
  2. Look for a .ssh/ folder in your home directory. If it doesn’t exists, create it and change its permissions so only the owner can access this folder.
    mkdir ~/.ssh
    sudo chmod 700 ~/.ssh
  3. Execute ssh-keygen command to create the private and public keys and select default values pressing Intro key (you can set a password for the private key if you want).
    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/user/.ssh/id_rsa
    Your public key has been saved in /home/user/.ssh/id_rsa.pub
    • If you lose your public key, you can regenerate it:
        ssh-keygen -y -f my-private-key.pem > my-public-key.pub
  4. Create a file named authorized_keys in ~/.ssh/ and change permissions so only owner can access to the file
    touch ~/.ssh/authorized_keys
    sudo chmod 600 ~/.ssh/authorized_keys
  5. This file contains a list of public keys. When you connect from another machine, SSH will check if your private key corresponds to one of the server public keys. Copy the contents of your newly created public key (~/.ssh/id_rsa.pub) in ~/.ssh/authorized_keys. You can also run this command:
    ssh-copy-id -i ~/.ssh/id_rsa.pub <USER>@<SERVER_IP>
  6. Now you can save your private key file in a secure place.
  7. Check SSH config file: /etc/ssh/sshd_config.
    • It’s a good practice changing SSH port (Port 22).
    • Password Authentication no disallows connecting to the server without a private key.
    • PermitRootLogin no disallows user root to connect through SSH.
  8. If you have made changes to this file, restart SSH typing (in Ubuntu):
    sudo service ssh restart
    sudo service ssh reload