SSH Secure Shell
The encrypted remote-shell protocol every Linux box on the planet listens on by default — and the front door of every VPS we ship.
एक एन्क्रिप्टेड नेटवर्क प्रोटोकॉल जो एक remote machine को ऐसे ऑपरेट करता है जैसे आप उसके console पर बैठे हों: shell access, file transfer (SCP, SFTP), arbitrary TCP port forwarding और SOCKS proxying। 1995 से cleartext telnet/rlogin/rsh तिकड़ी की जगह ली। प्रमुख आधुनिक कार्यान्वयन OpenSSH है, जो प्रत्येक प्रमुख Linux और BSD वितरण और macOS द्वारा शिप किया जाता है।
SSH is the entire control plane of your VPS.
There is no proprietary control panel between you and the operating system — no graphical "server manager", no abstracted file browser, no captive-portal-style web shell. Every NordBastion VPS lands in your hands as a stock Linux machine listening on port 22 for SSH, with a single root credential delivered through the panel. SSH is the entire control plane, full stop.
That decision rests on the same logic as the rest of the product: SSH is open, well-audited, fast, and works identically from a laptop in Berlin, a smartphone with Termius and a CI runner in another data centre. A custom web panel would be slower, weaker, and would require us to maintain code that the OpenSSH project already maintains better than we ever could.
First-hour opsec recommendations are the same on a NordBastion VPS as on any production Linux box: generate an Ed25519 key, copy the public half to the server, disable password authentication and root login if it is not needed, install fail2ban or an equivalent, and consider restricting source IPs at the firewall. The hardening guide walks through every command.
The pages that lean on this term.
The questions people actually ask.
How do I connect to my VPS over SSH?
From a terminal: `ssh [email protected]`. The first connection prompts you to verify the host's fingerprint — compare it against the value shown in the customer panel before accepting. After that, key-based authentication is the recommended setup: generate an Ed25519 key pair locally, paste the public half into ~/.ssh/authorized_keys on the VPS, and disable password login in /etc/ssh/sshd_config. The first-hour hardening guide walks through every step.
Is password authentication safe?
Safe enough if the password is long and random, but key-based authentication is meaningfully better. A strong key cannot be brute-forced by drive-by scanners (and there are a lot of those hitting every public IP on port 22 every day), and disabling password auth entirely eliminates an entire class of credential-stuffing noise from your logs. The hardening guide recommends key-only authentication as the default.
What is SSH port forwarding?
एन्क्रिप्टेड SSH कनेक्शन पर arbitrary TCP ट्रैफ़िक tunnel करने का एक तरीका। Local forwarding (`-L`) एक remote service को local port पर उजागर करता है — उदाहरण के लिए, VPS के PostgreSQL को आपके laptop के localhost:5432 पर खोलना। Remote forwarding (`-R`) इसका उल्टा है। Dynamic forwarding (`-D`) एक SOCKS proxy सेट करता है जो इसे उपयोग करने के लिए कॉन्फ़िगर किसी भी एप्लिकेशन को VPS के माध्यम से रूट करता है। तीनों अत्यंत उपयोगी हैं और सीखने योग्य हैं।
Should I change the default SSH port from 22?
Mostly cosmetic. Moving SSH to a high random port cuts down the volume of drive-by scanner noise in your logs but does nothing against a targeted attacker who will simply scan the host. The real defences are key-only authentication, a fail2ban-style rate-limiter, and limiting source IPs at the firewall level if your access pattern allows it. The guide walks through all three.