VPS Documentation

SSH Access & Key Management

SSH (Secure Shell) is the primary way to manage your VPS from the command line. Sitequest provides both a built-in web terminal and support for connecting with your own SSH client.

Connecting from Your Local Machine

Open a terminal on your computer and run:

ssh root@YOUR_SERVER_IP

If your server uses a non-default port, add the -p flag:

ssh root@YOUR_SERVER_IP -p 2222

You can find your server's IPv4 address and SSH port on the Network & Security page in your dashboard. The SSH command is shown at the top of the Connection section and can be copied with one click.

When connecting for the first time, your SSH client will ask you to verify the server's fingerprint. After confirmation, enter the root password shown on the server's overview page.

Using the Web Terminal

The dashboard includes a browser-based SSH terminal. To open it:

  1. Open your VPS in the dashboard
  2. Click Connect in the navigation bar
  3. Select SSH

A popup window opens with a full terminal session. The web terminal connects through a WebSocket and supports copy/paste, clickable links, and automatic resizing. Sessions time out after 30 minutes of inactivity.

The web terminal uses the same SSH port configured in your dashboard. If you have deployed a key for the web terminal (see below), it authenticates with that key automatically. Otherwise it falls back to the root password.

Managing SSH Keys

SSH keys let you log in without entering a password. They are also more secure than password-based authentication because they are not vulnerable to brute-force attacks.

Your SSH keys are managed under Network & Security in the SSH Keys section.

Generating a Key Pair

  1. Click Generate in the SSH Keys section
  2. Enter an optional display name (e.g. "my-laptop")
  3. Optionally check Use for web terminal — this stores the key for browser-based SSH access and replaces any existing web terminal key
  4. Click Generate & Deploy

The key pair is created as an RSA-4096 key and the public key is automatically deployed to the server. After generation, a panel shows:

  • Private key — copy or download it immediately. It is only shown once and cannot be retrieved later
  • Key password — if the key was generated with a passphrase, it is displayed here

Save the private key file to your local machine (typically ~/.ssh/id_rsa or a custom name). You can then connect with:

ssh -i ~/.ssh/id_rsa root@YOUR_SERVER_IP

Uploading an Existing Key

If you already have an SSH key pair, you can upload just the public key:

  1. Click Upload in the SSH Keys section
  2. Enter a display name
  3. Paste your public key (starts with ssh-rsa, ssh-ed25519, or similar)
  4. Click Upload Key

The public key is deployed to the server's ~/.ssh/authorized_keys file.

Deleting a Key

Click on any key in the list to open its details, then hold the Hold to Delete Key button to confirm removal. The key is removed from the server immediately.

If you delete the key marked Web Terminal, the browser-based terminal will fall back to password authentication.

Disabling Password Authentication

Once you have at least one SSH key deployed, you can disable password-based SSH login for stronger security. This prevents brute-force attacks against the root password.

  1. Go to Network & Security
  2. In the SSH Hardening section, enable the Disable Password Authentication toggle

This modifies PasswordAuthentication in the server's sshd_config and restarts the SSH daemon automatically.

Make sure you have a working SSH key before disabling password authentication. If you lose access, use the Rescue SSH Access button (see below) or connect through the VNC Console to re-enable it.

SSH Hardening

The SSH Hardening section under Network & Security provides one-click toggles for common security settings. Each toggle reads the current state from your server and applies changes over SSH.

Setting What it does
Disable Password Authentication Blocks username/password login via SSH
Disable SHA-1 HMAC Removes weak SHA-1-based HMAC algorithms
Hide SSH Banner Strips the OS identifier from the SSH handshake (Debian/Ubuntu)
Post-Quantum Key Exchange Enables hybrid sntrup761x25519 key exchange (requires OpenSSH 8.5+)
Disable Legacy Ciphers Blocks CBC-mode and 3DES ciphers

The current OpenSSH version is displayed at the top. If an update is available, an Update button appears next to it.

A Refresh button re-reads all settings from the server if you have made manual changes via the command line.

Changing the SSH Port

By default, SSH listens on port 22. You can change it from the Connection section:

  1. Click the port number next to SSH Port
  2. Enter the new port (1 — 65535)
  3. Click Save

This updates the port used by the web terminal, SFTP file browser, and monitoring. Remember to also update the port in your server's sshd_config and firewall rules to match.

Rescue SSH Access

If you are locked out — for example, after disabling password authentication without a working key — the dashboard provides a recovery option.

When the dashboard cannot reach the server over SSH, a warning appears in the SSH Hardening section with a Rescue SSH Access button. This:

  1. Injects a temporary SSH key through the hypervisor's guest agent
  2. Re-enables password authentication in sshd_config
  3. Sets up a web terminal key so you can connect from the browser

After rescue, connect via the web terminal and reconfigure your SSH keys and security settings.