CloudStick is a server control panel for developers and agencies that lets you manage cloud servers on AWS, DigitalOcean, Vultr, Linode, and Hetzner without using the command line. Plans start at $9/month — the Basic plan covers 1 server with unlimited websites; Pro at $19/month and Business at $49/month cover unlimited servers.

Will features I pay for ever get moved to a higher plan?

No. CloudStick is committed to keeping all features you currently pay for within your existing plan. New features may be added to higher tiers, but existing plan features will never be removed or require a forced upgrade.

What happens to my servers if I cancel CloudStick?

Your servers remain fully operational after cancellation. CloudStick does not host your servers — it manages them. If you cancel, you lose access to the CloudStick dashboard, but your servers continue running on your cloud provider.

Is there a free trial for CloudStick?

Yes. CloudStick offers a 7-day free trial on all paid plans with no credit card required. You can explore every feature and upgrade, downgrade, or cancel at any time during or after the trial.

SSH & ACCESS

Jun 23/2026

How to Connect to Your VPS for the First Time (SSH Basics)

7 min read

CloudStick Team

Security Specialist

Share this article

How to Connect to Your VPS for the First Time (SSH Basics)

SSH basics
for beginners

What SSH Is and Why It Replaced Telnet

SSH (Secure Shell) is an encrypted network protocol for logging into remote machines and executing commands. It replaced Telnet in the late 1990s because Telnet transmitted everything — including passwords — in plain text, readable by anyone on the network. SSH encrypts the entire session using public-key cryptography.

When you connect to a VPS via SSH, two things authenticate you: optionally a password (insecure) or a key pair (the standard). The key pair consists of a private key on your local machine that never leaves it, and a public key placed on the server. The server challenges your client with something only the private key can answer.

PREREQUISITE

You need your server's IP address and either the root password (to start) or an SSH key already installed. Cloud providers usually show the IP in their dashboard immediately after provisioning. For Ubuntu 24.04, the default user is ubuntu on AWS/Lightsail or root on DigitalOcean/Vultr/Hetzner.

Generating Your SSH Key Pair

ED25519 is the modern algorithm — smaller keys, faster math, resistant to current known attacks. RSA 4096 is still acceptable but creates larger keys. Avoid RSA 2048 and DSA entirely on any new setup.

# Generate an ED25519 key pair
ssh-keygen -t ed25519 -C "your-server-label"
# Press Enter to accept the default path (~/.ssh/id_ed25519)
# Set a passphrase (highly recommended) when prompted
# View your public key — this is what goes on the server
cat ~/.ssh/id_ed25519.pub

The output of cat looks like: ssh-ed25519 AAAA... your-server-label. Copy that entire string — this is the public key you will place on your server.

Connecting from macOS and Linux

Both macOS and Linux ship with the OpenSSH client pre-installed. Open Terminal and use the commands below. The first login uses a password so you can copy your key to the server — after that, key-based auth takes over and the password prompt disappears.

# First-time password-based login (to copy your key)
ssh root@YOUR_SERVER_IP
# Copy your public key to the server (run from your local machine)
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@YOUR_SERVER_IP
# Now connect with key auth (no password prompt)
ssh root@YOUR_SERVER_IP
# Or specify the key explicitly
ssh -i ~/.ssh/id_ed25519 root@YOUR_SERVER_IP

To save typing on repeat connections, add a named entry to ~/.ssh/config:

Host myserver
  HostName YOUR_SERVER_IP
  User root
  IdentityFile ~/.ssh/id_ed25519

Then connect with simply: ssh myserver

Connecting from Windows

Windows 10 and Windows 11 ship with OpenSSH built-in. Open PowerShell or Command Prompt and use the same commands you would on Linux:

# Generate key (same command, works in PowerShell)
ssh-keygen -t ed25519 -C "your-server-label"
# Connect
ssh root@YOUR_SERVER_IP
# Copy the public key manually (no ssh-copy-id on older Windows builds)
# First copy its content, then append to the server's authorized_keys:
type $env:USERPROFILE\.ssh\id_ed25519.pub | ssh root@YOUR_SERVER_IP "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

If you prefer a GUI, PuTTY + PuTTYgen is the traditional Windows SSH client. Generate a PuTTY-format key with PuTTYgen, export the public key, and paste it into the server's authorized_keys. PuTTY sessions can be saved and reused across reboots.

Hardening SSH Immediately After First Login

The default SSH configuration is functional but not production-hardened. Attackers scan the internet continuously for servers with password authentication enabled — the time between provisioning and first brute-force attempt is often under a minute. Apply these settings in /etc/ssh/sshd_config:

# Disable password authentication (only after keys are working!)
PasswordAuthentication no
# Disable root login entirely (use a sudo user instead)
PermitRootLogin no
# Limit login grace time
LoginGraceTime 20
# Apply changes
sudo systemctl restart ssh

TIP

If you change the SSH port (not always recommended), update your UFW rule first: sudo ufw allow NEW_PORT/tcp && sudo ufw delete allow OpenSSH — then edit the sshd_config Port line. Test from a second terminal BEFORE closing your current session.

Managing SSH Keys in CloudStick

CloudStick includes an SSH Vault — a secure credential manager inside the dashboard. Add your server's root SSH key through the dashboard's SSH Key Management section, and CloudStick stores it encrypted. Team members you invite can be granted SSH access to specific servers without you emailing private keys around.

CloudStick also provides a browser-based SSH terminal (SSH Terminal via Dashboard feature) so you can connect to any managed server from any browser without a local SSH client installed — useful for emergency access from a machine without your keys loaded.