When you first login into you server, you should always change your root password. Your password should have at least 15 alphanumerical characters.
To change a password, enter the following command: (You will not see any entered characters, but you will be asked to enter your password twice)

[email protected]:/# passwd





Nevertheless you should NEVER login as root. So you need a new user. Create one with the following command:

[email protected]:/# adduser –shell /bin/bash <username>





You will be asked to enter a password (keep in mind, you should use 15 characters at least) for the new account and to enter some details for the recent added account.

After we created a new account, we should disable the root-login via SSH. Edit the /etc/ssh/sshd_config, and change the PermitRootLogin option to no. Just restart the ssh server with

/etc/init.d/ssh restart

Now open a new connection to your server, to test the connection. Keep in mind that you must login as a user.

As the last step, you should generate one or more SSH certificates to login to your server.
Warning! You will not be able to login via your password anymore. It is also important to protect your SSH-Certificate.
For Windows you can create a ssh-cerificate with putty gen. Make sure to save the private key. This key is going to be your password.
Copy the public key into a file in /home/<username>/.ssh/authorized_keys. (Make sure that the file has 600 as file attribute) Uncomment in the /etc/ssh/sshd_config the option PasswordAuthentication and set the option to no. Restart the ssh server.
Open a second putty session. To enter a private key into putty go to Connection→SSH→Auth and select the private key.
You should now be able to logon to you VPS only via your newly created user, and only with the generated ssh Certifcate. If you cannot login you should set the PasswordAuthentication to yes and restart your ssh daemon. You should now be able to login via your user and your given password.


Post by user zeph and the thread is here
I am not responsible to any damage to your server!