# SSH Access

## SSH Login

To connect to your VPS Server, there are 2 primary authentication methods: password or key file. Your server provider will provide you with one of these after purchase.

{% hint style="danger" %}
We **strongly** advice you use **key file** authentication, as it is the most secure
{% endhint %}

* Download your preferred SSH Client, we recommend:  [PuTTY](https://www.putty.org/) 

![Putty Interface](https://2510806329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuqgyAWFFqngMON69bQgC%2Fuploads%2FzZ2qrTY32KmonCnHVqy3%2FScreenshot%202021-10-28%20124856.png?alt=media\&token=9b25c1df-807b-484b-8d56-a371e3d19911)

* Enter your server's **IP address** in the Hostname field. 
* Leave the port as **22** for SSH Access (unless your VPS provider specifies otherwise)
* If it is password you have, the SSH client will prompt you to type it in, if it is a key file, you have to specify the location on your SSH client as shown below:

![Putty Authentication](https://2510806329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuqgyAWFFqngMON69bQgC%2Fuploads%2FdnSDH1lDDvEAQ2ATKM9t%2FScreenshot%202021-10-28%20125042.png?alt=media\&token=539112c7-01e7-458a-964f-262d6e41540d)

* Click on **Open** to start the connection, you will be prompted for username.

After successful connection to the server, you will have an interface as shown below. This is where you will type in commands.

![SSH Session](https://2510806329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuqgyAWFFqngMON69bQgC%2Fuploads%2FieY0xM9BTrvWriA3WeWf%2FScreenshot%202021-10-28%20142446.png?alt=media\&token=ed428846-5a8f-47c9-9dcd-3705b4a24268)

For example: To navigate to a directory, run the command `cd /path/to/the/directory`

## SSH Key File (optional)

If your server already provided you with key file for authentication, then you may skip this step, but if you were provided with password instead, this section contains instructions on how to convert to SSH key file, as it is the most secure.

First you need to generate your own key file using **PuTTYgen**. (it is included with PuTTY installation)

![PuTTYgen Interface](https://2510806329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuqgyAWFFqngMON69bQgC%2Fuploads%2FsAh9oeLwrUsQguB7KSAC%2Fimage.png?alt=media\&token=cf74053b-5168-4734-a19a-4b508c724618)

* Open the **PuTTYgen** program.
* For **Type of key to generate**, select **SSH-2 RSA**.
* Click the **Generate** button.
* Move your mouse in the area below the progress bar. When the progress bar is full, **PuTTYgen** generates your key pair.
* Type a passphrase in the **Key passphrase** field. Type the same passphrase in the **Confirm passphrase** field. You can use a key without a passphrase, but this is not recommended.
* Click the **Save private key** button to save the private key. **Warning!** You must save the private key. You will need it to connect to your machine.
* Right-click in the text field labeled **Public key for pasting into OpenSSH authorized\_keys file** and choose Select All. (This is what you need to save on your server to enable key file authentication)
* Right-click again in the same text field and choose **Copy**.

### Copy Public Key to Server

You have to save the copied public key on your server to enable authentication file.

* If you are not already logged in, Login to the server (see: [SSH Login](#authentication))
* Create your `.ssh` directory using the command:

```shell
mkdir -p ~/.ssh
```

* Run the command: 

```shell
echo "your copied public key here" >> ~/.ssh/authorized_keys
```

{% hint style="warning" %}
**"your copied public key here"**  must be replaced with the actual public key, while preserving the quotes. The command will look like the following:

`echo "ssh-rsa AAAAB3NzaC1yc...." >> ~/.ssh/authorized_keys`
{% endhint %}

* Now, you should close the current session, and try to login with the newly created key file. (see: [SSH Login](#authentication))

### Disable Password Login

Finally, you need to disable the password login, so that the only means of authentication to your server will now be through the created key file. (If your server already provided you with a key file upon purchase, the password login will be disabled by default, so you may skip this section)

While logged in as the **root user** (using the SSH Key file). 

* Edit the file: `/etc/ssh/sshd_config`

```shell
sudo nano /etc/ssh/sshd_config
```

* Look for the line and uncomment it (by removing the **#**). If it was set to `yes`, change it to `no`: 

```
#PasswordAuthentication no
#ChallengeResponseAuthentication no
```

* Save the file (Ctrl + O)
* Now restart the service: 

```shell
sudo service ssh restart
```

## Creating User

We recommend installing Cryptitan under **a newly created use**r with less privilege than the **root user**, this section will guide you through the process.

* First you need to login as the **root user** since that is the account that has the permission to create a new user account (see: [SSH Login](#ssh-login))
* Run the command:

```shell
sudo useradd -m neoscrypts
```

{% hint style="info" %}
**neoscrypts** is the name of your user account, you are free to change it to any name.
{% endhint %}

* While still logged in as the **root user**, switch to the newly created user account using the command:

```shell
sudo su - neoscrypts
```

Now you need to copy the public key into the newly created user account to enable authentication with SSH key. If you don't have a key file yet, refer to [SSH Key File](#ssh-key-file-optional) section

* Set the public key by using [the same instructions as above](#copy-public-key-to-server)

## Upload Files

You need to setup your preferred SFTP client, to be able to upload files to the server,  We recommend: [WinSCP](https://winscp.net/eng/download.php)

![WinSCP Interface](https://2510806329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuqgyAWFFqngMON69bQgC%2Fuploads%2FxQ7gpaS37YOoqenSVk9X%2Fwinscp-1.png?alt=media\&token=b7a5114f-bc2b-459b-96e4-9762a07f0806)

* Enter your server's **IP address** as Host name
* Set your port to 22 (unless specified otherwise by your provider)
* Set your **username** (always upload as the created user account, **do not upload as root user!**)
* If you have enabled key file authentication as we recommended, click on **Advanced** 

![Select Key file](https://2510806329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuqgyAWFFqngMON69bQgC%2Fuploads%2FCg7HLrgNNrRnT6Z9TJxw%2Fwinscp-2.png?alt=media\&token=8d523720-b3dd-4252-b2b9-7bc5542ae9e0)

* Select the path to your key file and click on **OK**.
* Save and click on **Login** to start session

![SFTP Session](https://2510806329-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuqgyAWFFqngMON69bQgC%2Fuploads%2F4ox91Bj9go9bZhxpWeB5%2Fwinscp-3.png?alt=media\&token=dc9d4cba-dc1f-4273-afa8-66ac7a30d8a3)

* At the top bar, enter the directory path you want to navigate to.
* Finally, to upload a file, simply drag and drop the file into the remote area.