
How to secure SSH on Kali Linux (Hostinger VPS)
In this guide, we’ll lock down SSH on your Kali Linux Hostinger VPS: generate an SSH key pair, copy it over, disable password authentication, and set up Fail2Ban lockouts for extra protection.
1. Install prerequisites
Before locking down SSH, we need two key packages:
- openssh-server – installs and runs the SSH daemon so you can connect remotely.
- fail2ban – monitors for repeated login failures and automatically bans offending IPs to block brute-force attacks.
First, update your package list so you get the latest versions, then install both in one go:
sudo apt update && sudo apt install -y openssh-server fail2ban
Why these steps?
- sudo apt update – refreshes your local package index.
- apt install -y – auto-confirms the install so you don’t get stuck at a prompt.
- openssh-server – gives you SSH access to your VPS.
- fail2ban – provides an extra layer of protection by watching SSH logs and banning IPs after too many failed attempts.
2. Generate an SSH key pair
On your local machine, create a new key (we recommend Ed25519):
ssh-keygen -t ed25519 -C "you@example.com"
Accept the default file path and (optionally) set a passphrase for extra security.
3. Copy your public key
Transfer your key to the VPS and append it to ~/.ssh/authorized_keys:
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@VPS_IP
If ssh-copy-id isn’t available, manually paste the contents of id_ed25519.pub into ~/.ssh/authorized_keys on the server.
4. Harden SSH configuration
Edit /etc/ssh/sshd_config to enforce key-only logins:
sudo nano /etc/ssh/sshd_config
Ensure these lines are set:
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
5. Restart SSH
sudo systemctl restart ssh
Always test a new SSH connection before closing your existing session.
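Editing the file in step 4 does not guarantee that sshd uses those values: sshd keeps the first value it reads for each keyword, so a file pulled in by an Include directive can win. The script below is an added example, not part of the original guide; the helper name check_sshd_effective and both sample inputs are constructed for illustration. It checks `sshd -T` style output against the step 4 settings.

```shell
#!/bin/sh
# Added example (not from the original guide). check_sshd_effective is a
# hypothetical helper: it reads `sshd -T` style output on stdin, one
# "keyword value" pair per line, and compares it with the step 4 values.
check_sshd_effective() {
    awk '
    BEGIN {
        want["permitrootlogin"] = "no"
        want["pubkeyauthentication"] = "yes"
        want["passwordauthentication"] = "no"
        want["kbdinteractiveauthentication"] = "no"
    }
    {
        key = tolower($1); val = tolower($2)
        # Older OpenSSH prints the deprecated alias used in step 4.
        if (key == "challengeresponseauthentication") key = "kbdinteractiveauthentication"
        # Keep the first value seen, but let any mismatch override it.
        if (key in want && (!(key in seen) || val != want[key])) seen[key] = val
    }
    END {
        bad = 0
        for (k in want) {
            if (!(k in seen)) { print "MISSING " k; bad++; continue }
            if (seen[k] != want[k]) {
                print "FAIL " k " is " seen[k] ", want " want[k]; bad++
            }
        }
        exit (bad > 0)
    }'
}

# Constructed sample: effective settings after the step 4 edits took hold.
SAMPLE_HARDENED='permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

# Constructed sample: an included file set PasswordAuthentication first.
SAMPLE_OVERRIDDEN='permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_effective && echo "hardened: OK"
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_effective || echo "overridden: rejected"
# On the VPS: sudo sshd -t && sudo sshd -T | check_sshd_effective
```

Here `sshd -t` syntax-checks the configuration before the restart, and `sshd -T` prints the settings sshd will actually apply.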
6. Configure Fail2Ban
Create /etc/fail2ban/jail.local with these settings:
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
bantime = 600
findtime = 600
Where:
- maxretry = allowed failures
- bantime = ban duration (seconds)
- findtime = failure window (seconds)
7. Restart & enable Fail2Ban
sudo systemctl enable --now fail2ban
sudo systemctl status fail2ban
Verify that Fail2Ban is active and monitoring SSH logs.
8. Test lockouts
From another machine or session, attempt 6 bad SSH logins. You should see your IP get banned in /var/log/fail2ban.log.
That’s it! You now have key-based SSH only, no passwords allowed and automatic lockouts on repeated failures.