SSH keys or password – which is more secure?

SSH keys (Ed25519) are much more secure. Disable password login after key setup.

Can hardening SSH lock me out?

Yes – if you disable password login before key works, or close port 22 in UFW. Always keep a second terminal open.

Which SSH port should I use?

Any port above 1024 (e.g. 2222). Obscurity alone isn't enough – keys + Fail2ban matter more.

Secure SSH – Keys, Change Port & Disable Root Login

Quick answer: Secure SSH in 3 steps: set up Ed25519 key → disable password login → optionally change port + Fail2ban. Always test keys in a second terminal before closing your session.

If you landed here: You want to stop brute-force attacks on port 22 or heard password login is insecure.

Step 1: Generate SSH key (local)

ssh-keygen -t ed25519 -C "nexorahost-server"
cat ~/.ssh/id_ed25519.pub

Step 2: Add key on server

mkdir -p ~/.ssh && chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Step 3: Harden sshd_config

PasswordAuthentication no
PermitRootLogin prohibit-password
systemctl restart sshd

UFW: allow new port before closing old → Firewall guide

Part of VPS setup: Set up Linux VPS · Fail2ban

Products & ordering: Root/VPS server · Manage: panel.nexorahost.de · My account · nexorahost.com (Frankfurt · 1 Tbit/s DDoS · 99.9% uptime)

NexoraHost

Root & VPS servers

Ryzen power at Maincubes FRA01 – full root access, NVMe, DDoS protection included.

Order now → Account

Game servers Root/VPS Webspace Domains

nexorahost.com · Maincubes FRA01 · 1 Tbit/s DDoS · 99,9 % Uptime