so, you follow your normal thing, log into your VPS via SSH with the long root password they generate for you
then you need this https://github.com/angristan/wireguard-install to set up a wireguard tunnel and a client
set your pc up to run the wireguard tunnel (it's just a matter of installing wireguard on linux, the actual code is in the kernel, the package just adds the services setup) and you drop the config generated by that script into /etc/wireguard/wg0.conf
next, you need to probably take advantage of the VNC cli root shell that most VPS providers give you, as if you lose SSH access in this process you cannot get in via that path
you need to change the ssh configuration on the VPS so instead of listening on 0.0.0.0 it only listens on 10.0.0.1 - the usual IP address, just run `ip a` to see the wg0 once you have done that install with the script, whatever it is, your clients will have sequential numbers after that like, the first one is usually ending in 2
then, you need to also add `[email protected]` to the "After" line in the /etc/systemd/system/ssh.service (i'm assuming your VPS runs ubuntu, which i recommend for easy finding of howto info and fixes for problems) so that the SSH waits until the address it will listen to is up
then after that you should be able to log in via
ssh [email protected]
and of course it is recommended to also reconfigure SSH to use only certificate authentication and put your id_ed25519.pub into /root/.ssh/authorized_keys
and that's the whole thing
after that, you can reboot your VPS and you will be able to connect via SSH only via wireguard, and by default the IP address that internet servers will see is your VPS, i use this on mine, rented a cheap VPS in romania for $35 for a year with minimal specs, all it has is a reverse proxy and wireguard VPN server, and that also allows me to run internet-reachable services as i was using to do testing with my relay development, and currently run my own instance of nostrudel for nostr client
mleku / mleku™️
npub1fjq…leku
2024-07-03 12:06:36
in reply to nevent1q…dpdr
Author Public Key
npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmlekuPublished at
2024-07-03 12:06:36Event JSON
{
"id": "c779e1f4d85266b7bc6f8ce340f13d59af4d958e53af22177f1cd19bddb9f48f",
"pubkey": "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f",
"created_at": 1720001196,
"kind": 1,
"tags": [
[
"e",
"973bf0598dd533392271cf0bca9f6a4452d456eaa9d679eecb59e5654cc661b6",
"",
"root"
],
[
"e",
"4d431e39da5d5eb2bcce20d570fee811f6480a64c73e222dfb3951f45c5f1022",
"",
"reply"
],
[
"p",
"eda96cb93aecdd61ade0c1f9d2bfdf95a7e76cf1ca89820c38e6e4cea55c0c05",
"",
"mention"
],
[
"p",
"c6cfec69543456207140127d93d69ea96d43f3c661948c1c9b7bb682c08b73b8",
"",
"mention"
]
],
"content": "so, you follow your normal thing, log into your VPS via SSH with the long root password they generate for you\n\nthen you need this https://github.com/angristan/wireguard-install to set up a wireguard tunnel and a client\n\nset your pc up to run the wireguard tunnel (it's just a matter of installing wireguard on linux, the actual code is in the kernel, the package just adds the services setup) and you drop the config generated by that script into /etc/wireguard/wg0.conf\n\nnext, you need to probably take advantage of the VNC cli root shell that most VPS providers give you, as if you lose SSH access in this process you cannot get in via that path\n\nyou need to change the ssh configuration on the VPS so instead of listening on 0.0.0.0 it only listens on 10.0.0.1 - the usual IP address, just run `ip a` to see the wg0 once you have done that install with the script, whatever it is, your clients will have sequential numbers after that like, the first one is usually ending in 2\n\nthen, you need to also add `[email protected]` to the \"After\" line in the /etc/systemd/system/ssh.service (i'm assuming your VPS runs ubuntu, which i recommend for easy finding of howto info and fixes for problems) so that the SSH waits until the address it will listen to is up\n\nthen after that you should be able to log in via \n\nssh [email protected]\n\nand of course it is recommended to also reconfigure SSH to use only certificate authentication and put your id_ed25519.pub into /root/.ssh/authorized_keys\n\nand that's the whole thing\n\nafter that, you can reboot your VPS and you will be able to connect via SSH only via wireguard, and by default the IP address that internet servers will see is your VPS, i use this on mine, rented a cheap VPS in romania for $35 for a year with minimal specs, all it has is a reverse proxy and wireguard VPN server, and that also allows me to run internet-reachable services as i was using to do testing with my relay development, and currently run my own instance of nostrudel for nostr client",
"sig": "d1abb0031da55baf29486980c6588ca2bcd5b0306429cfd82a583ed41e0c0ebc09d311dea64da0bf59a524952c6803a342239ddcc517a95891f233a124249747"
}