*Cube-Host– full cloud services!!

get a consultation
WhatsApp Telegram
EN

Connecting to Linux VPS via SSH

Connecting to Linux VPS via SSH

SSH is the standard and most secure way to manage a Linux server remotely. In this guide you’ll learn how to connect with a password (quick start), how to switch to key-based login (recommended), and how to troubleshoot common SSH errors.

If you don’t have a server yet, start with a reliable Linux VPS or choose a plan from our VPS hosting lineup for quick deployment and stable connectivity.

What You Will Need

  • VPS IP address (or domain), login (root or a user with sudo), SSH port (default 22).
  • SSH client:
    • Windows 10/11: built-in OpenSSH in Windows Terminal / PowerShell / CMD (recommended) or PuTTY.
    • macOS / Linux: built-in ssh in Terminal.

Option A — Quick Connection Using a Password (Windows/macOS/Linux)

Use this method for the first login or when keys are not configured yet. Replace USERNAME and SERVER_IP with your values.

ssh USERNAME@SERVER_IP

If your SSH port is not 22 (example: 2222):

ssh -p 2222 USERNAME@SERVER_IP

On first connection, SSH will ask to confirm the server’s host key fingerprint. Confirm only if you trust the source of the IP (provider panel / your own deployment). The fingerprint is saved locally in ~/.ssh/known_hosts.

Linux VPS SSH connection example

Option B — Key-Based Login (Recommended)

Key-based authentication is more secure than passwords and is the standard for production servers. You generate a key pair locally, then upload only the public key to the VPS.

Step 1 — Generate a key pair on your PC

Windows 10/11 (PowerShell / Windows Terminal), macOS, Linux:

ssh-keygen -t ed25519 -a 64

By default, keys are saved to:

  • Windows: C:\Users\YOURNAME\.ssh\
  • macOS/Linux: ~/.ssh/

Important: the private key has no extension (keep it secret). The public key ends with .pub (copy it to the server).

Generating SSH key pair on Windows

Step 2 — Upload the public key to the server

Method 2.1 — Automatic (recommended if password login works): ssh-copy-id

macOS/Linux (and Windows with OpenSSH tools available):

ssh-copy-id -i ~/.ssh/id_ed25519.pub USERNAME@SERVER_IP

This appends the key to ~/.ssh/authorized_keys on the server and sets safe permissions automatically.

Method 2.2 — Manual (works everywhere)

Login via password first, then create the SSH directory and add your public key.

# On the VPS
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Paste your PUBLIC key into the file (one line)
nano ~/.ssh/authorized_keys

chmod 600 ~/.ssh/authorized_keys

Do not copy the private key. If permissions are wrong (~/.ssh not 700 or authorized_keys not 600), you may get Permission denied (publickey).

Adding public SSH key to authorized_keys

Step 3 — Connect using the key

Basic connection (usually works without extra flags if the key is in ~/.ssh/):

ssh USERNAME@SERVER_IP

If you need to specify the key file and/or port:

ssh -i ~/.ssh/id_ed25519 -p 2222 USERNAME@SERVER_IP

To avoid typing parameters every time, create a profile in ~/.ssh/config (Windows also supports it):

# File: ~/.ssh/config

Host myvps
  HostName SERVER_IP
  User USERNAME
  Port 22
  IdentityFile ~/.ssh/id_ed25519

Now you can connect with:

ssh myvps

Option C — PuTTY (Windows) for GUI

  1. Open PuTTY → Session → Host Name (IP/domain), Port (22), Connection type (SSH).
  2. Save the session (Saved Sessions → Save) and click Open.
  3. If using a key: convert/import it in PuTTYgen and save as .ppk, then in PuTTY go to Connection → SSH → Auth and select the private key file.
PuTTY SSH connection settings

Verification and Troubleshooting

Check if the SSH port is reachable

Windows (PowerShell):

Test-NetConnection SERVER_IP -Port 22

macOS/Linux:

nc -vz SERVER_IP 22

Common errors

  • Connection timed out / No route to host — wrong IP, firewall blocks port 22, provider security group closed, or SSH service down.
  • Permission denied (publickey) — public key not on the server, wrong permissions (700/600), wrong user, or wrong key file in IdentityFile.
  • REMOTE HOST IDENTIFICATION HAS CHANGED — IP reused or server reinstalled. Verify it’s expected, then remove old fingerprint line from ~/.ssh/known_hosts.
  • Too many authentication failures — too many keys tried; specify a single key with -i or use a dedicated Host entry in ~/.ssh/config.

Enhancing Server Security (After Keys Work)

After confirming key-based login works, harden SSH: disable root login and password auth. Keep one SSH session open while applying changes.

sudo nano /etc/ssh/sshd_config

Recommended baseline:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

# Optional: restrict who can connect
# AllowUsers USERNAME
# or
# AllowGroups sshusers

MaxAuthTries 3
LoginGraceTime 30

Validate and reload SSH (Ubuntu/Debian):

sudo sshd -t
sudo systemctl reload ssh

RHEL-based systems often use sshd service name:

sudo sshd -t
sudo systemctl reload sshd

Copying Files (SCP / SFTP)

SCP (copy a local file to the server):

scp ./backup.tar.gz USERNAME@SERVER_IP:/home/USERNAME/

SCP (copy from server to local):

scp USERNAME@SERVER_IP:/var/log/syslog ./syslog

SFTP (interactive file manager over SSH):

sftp USERNAME@SERVER_IP

Deploy a VPS Ready for Secure SSH Access

SSH key authentication + hardened SSH settings is the standard baseline for production servers. Start with a reliable Linux VPS or browse our VPS hosting plans to deploy a server and connect securely in minutes.

Prev

More articles:

Menu