Skip to content
  • Bitcoin accepted
  • MMonero accepted
  • DMCA-resilient
  • Anonymous signup
  • ΞEthereum accepted
  • No KYC
  • 99.99% uptime
  • 24/7 support
  • 7-day money-back
  • Provisioned in < 5 min
  • Iceland · Switzerland · Netherlands
  • USDT accepted
Bitcoin accepted. Monero accepted. DMCA-resilient. Anonymous signup. Ethereum accepted. No KYC. 99.99% uptime. 24/7 support. 7-day money-back. Provisioned in under 5 minutes. Iceland, Switzerland, Netherlands. USDT accepted.
SilentHosts
Get started
Security6 min readUpdated 2026-04-30

Harden SSH on your offshore VPS

Disable password auth, enforce keys, change the port, restrict source IPs, and rate-limit attempts.

SSH is the most-attacked service on the internet. Default-config SSH on port 22 will see 100s of brute-force attempts per hour. Hardening takes 10 minutes and reduces the noise to zero.

Step 1: SSH key authentication only

Edit /etc/ssh/sshd_config:

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no

Reload: systemctl reload ssh. Verify you can still log in via key in a NEW terminal before closing the current session — locking yourself out forces a rescue console boot.

Step 2: Move off port 22

Pick a high non-standard port (e.g. 22222). In sshd_config:

Port 22222

Update your firewall (ufw allow 22222/tcp), reload SSH, then close port 22.

Step 3: Disable root login

Create a non-root user with sudo:

adduser deploy
usermod -aG sudo deploy
rsync -a ~/.ssh deploy@/home/deploy/
chown -R deploy:deploy /home/deploy/.ssh

Then in sshd_config:

PermitRootLogin no

From now on, ssh deploy@HOST then sudo for elevated commands.

Step 4: Rate-limit with fail2ban

See /kb/fail2ban-setup for the install. fail2ban watches /var/log/auth.log and bans IPs after N failed attempts.

Step 5: Optional — restrict source IPs

If you only ever SSH from a known IP (your home VPN, your office, a bastion host), add an allow-from-source rule:

Match Address 1.2.3.4,5.6.7.8
  AllowUsers deploy

Related articles

Connect to your VPS via SSH

Log in for the first time, set up SSH key auth, and disable root password login for production.

Read

Set up fail2ban in 5 minutes

Auto-ban IPs that fail too many SSH login attempts. The single highest-ROI security tool for VPS.

Read

Firewall basics with ufw

Default-deny inbound, allow only what you need. Standard ufw rules for a typical web VPS.

Read
All articlesStill stuck? Open a ticket

Deploy your first offshore server in 60 seconds.

Anonymous signup. Bitcoin & Monero accepted. Provisioned across 8 jurisdictions.

Get startedTalk to sales

No credit card required · 7-day money-back guarantee