Connecting to Your VPS via SSH (First-Time Setup)

SSH (Secure Shell) is how you access a VPS or dedicated server. It’s a text-based connection that runs in a terminal, encrypted end-to-end, and gives you full control over the machine. If you’re moving up from shared hosting, the transition can feel intimidating — but once you’ve connected the first time, the rest follows naturally.

This guide covers connecting from every major platform, then walks through the first-day hardening steps that every new server needs before you put anything important on it.

What you’ll need

From your iWebVault welcome email:

• Server IP address — e.g. 185.123.45.67
• Root password — the auto-generated initial password
• SSH port — defaults to 22 unless your welcome email specifies otherwise

Keep these handy. We’ll change them shortly — that’s part of the hardening process.

Method 1 — Connecting from macOS or Linux

Both ship with SSH built in. Open your terminal app (Terminal.app on macOS, your distro’s terminal on Linux) and run:

ssh root@185.123.45.67

Replace the IP with your server’s. The first time you connect, you’ll see a warning about the host’s authenticity and a fingerprint. Type yes to accept — this only happens once per server. You’ll then be prompted for the root password from your welcome email. Type it (no characters will appear — that’s normal for password entry) and press Enter.

If everything’s correct, you’ll land at a prompt that looks something like [root@hostname ~]#. You’re in.

Method 2 — Connecting from Windows 10/11

Modern Windows includes an OpenSSH client. Open PowerShell or Windows Terminal and run the same command:

ssh root@185.123.45.67

If the command isn’t recognized, open Settings → Apps → Optional features, click Add an optional feature, search for OpenSSH Client, and install it. Then reopen your terminal.

Method 3 — Connecting from older Windows (PuTTY)

If you’re on Windows 7/8 or prefer a GUI, install PuTTY (free, open-source). Once installed:

1. Launch PuTTY.
2. In the Host Name field, enter your server IP.
3. Set Port to 22 (or your custom port if it’s different).
4. Connection type: SSH.
5. Click Open.
6. Accept the host key when prompted.
7. Log in as root with your password.

Method 4 — Connecting from mobile

For emergency access from a phone or tablet:

• iOS — Termius (free tier available) or Blink Shell.
• Android — Termius, JuiceSSH, or ConnectBot.

All work similarly: create a new host entry with your server’s IP, port, and root credentials, then connect. Mobile is great for “fix something while away from a laptop” — not great for sustained work.

First-day hardening (critical)

Before you install anything, before you upload any sites, do the following five steps. Your server is publicly reachable from the moment it’s provisioned, and brute-force bots will start trying to log in within minutes. Get ahead of them.

1. Change the root password immediately

passwd

Enter a strong new password twice. Don’t keep the one from your welcome email — it’s been sitting in your inbox in plain text. Store the new password in your password manager.

2. Create a non-root sudo user

You should not be doing day-to-day work as root. Create a regular user with sudo access:

adduser myname
usermod -aG wheel myname        # AlmaLinux/Rocky/CentOS
# OR
usermod -aG sudo myname         # Ubuntu/Debian

Now log out (exit) and log back in as your new user (ssh myname@server-ip). Test sudo with sudo whoami — should return root. From here on, do everything as the regular user with sudo prepended when you need elevated privileges.

3. Set up SSH key authentication

Passwords can be guessed; SSH keys can’t be brute-forced in any practical sense. On your local machine (laptop, not the server), generate a key pair if you don’t have one:

ssh-keygen -t ed25519 -C "your-email@example.com"

Accept the default location, and set a passphrase if you want extra protection. Then copy your public key to the server:

ssh-copy-id myname@185.123.45.67

Enter your password one last time. From now on, SSH will use the key automatically. Test by connecting again — you should land in your shell without being asked for a password.

4. Disable password authentication

Once key auth works, turn off passwords entirely so brute-force attacks have nothing to attack. Test your key login first — if you make this change before keys work, you’ll lock yourself out.

sudo nano /etc/ssh/sshd_config

Find and update these three lines (uncomment if needed, change values):

PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes

Save (Ctrl+O, Enter, Ctrl+X). Restart SSH:

sudo systemctl restart sshd

Keep your current SSH session open — if you’ve made a mistake, you’ll need it to recover. From a new terminal, test that you can still connect. If yes, you’re safe to close the original. If no, the original session is your lifeline; revert the changes and try again.

5. Configure a firewall

If your VPS came with a control panel (cPanel/DirectAdmin), it likely includes CSF (ConfigServer Security & Firewall) — already configured sensibly. If not, install a basic firewall:

# AlmaLinux/Rocky/CentOS:
sudo dnf install firewalld -y
sudo systemctl enable --now firewalld
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

# Ubuntu/Debian:
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

This opens only the ports you actually need (SSH, HTTP, HTTPS) and blocks everything else.

Common SSH issues

“Connection refused” — the SSH service isn’t running, or the port isn’t open. If it’s a brand-new server, wait 5 minutes and retry; provisioning sometimes takes a moment to finish. If still refused, open a ticket.

“Permission denied (publickey)” — usually means you’ve disabled password auth, your key isn’t installed on the server, and you’re trying to log in without one. From your local machine, retry with ssh -v to see verbose output and identify which key SSH is trying.

“Connection timed out” — either the IP is wrong, the firewall is blocking you, or the server is offline. Verify IP first, then try pinging it: ping 185.123.45.67. If ping works but SSH doesn’t, it’s a firewall issue.

“Host key verification failed” — usually happens after a server rebuild. Remove the old key from your known_hosts: ssh-keygen -R 185.123.45.67, then reconnect and accept the new fingerprint.

Locked yourself out completely? All iWebVault VPS plans include rescue/recovery console access via the client area. Log in, find your VPS, and use the console to fix the configuration. Or open a ticket and we’ll help you get back in.

What’s next

With SSH working and your server hardened, the typical next steps are:

• Install a control panel (cPanel/WHM, DirectAdmin, or run panel-free).
• Set up monitoring so you’ll know about issues before customers do.
• Configure backups — your VPS doesn’t include automatic backups by default unless you’ve added the service.

If you’re new to server administration, our team can help you get the basics right. Open a ticket with what you’re trying to accomplish and we’ll point you in the right direction.