Self-Hosting Strategy
The video introduces deploying an application by setting up and managing a personal VPS instead of relying on managed cloud services. This approach is presented as cost-effective and capable of handling significant traffic on low-cost servers.
Introduction to SSH
SSH (Secure Shell) enables encrypted remote access to a server via the command line. It ensures that commands, file transfers, and other communications between the local machine and server remain secure.
SSH Authentication with Keys
Instead of password-based authentication, the setup uses SSH key pairs consisting of a public and private key. The public key is stored on the server, while the private key remains on the local machine to provide cryptographic proof of identity.
Security Benefits of SSH Keys
SSH keys are highly resistant to brute-force attacks due to their large key sizes. Disabling password authentication further reduces attack surfaces and prevents credential interception over the network.
Generating SSH Keys
The ssh-keygen tool is used to generate keys, specifying the algorithm (ED25519), an identifying comment, and a file name. The process creates both a private key (kept locally) and a public key (uploaded to the server).
Key File Structure and Usage
By default, SSH keys are stored in the .ssh directory with separate private and public files. The private key enables authentication, while the public key is deployed to the server to grant secure access.
Our application is ready to go live. Now, we could just provide our binary or create a Docker image or something similar and give it to a cloud provider and have them manage our server for us, but that is no fun. So what I want to do in part three here, we're going to go through how to set up our own server, how to secure it, how to deploy to it, and all the steps in between.
This is both going to be cheaper and you're probably also going to get a lot more value for your money. A five dollar VPS or server from something like Hetzner is going to be more than enough for most use cases. You can handle a lot of traffic would go on a small server. The first thing we need to touch upon is SSH and SSH keys. So what is
SSH stands for Secure Shell, and it's how you can remotely access and control a server via the command line. SSH creates encrypted connection, so everything you do is encrypted, commands, file transfers, whatever you do on the server, so no one can look into the traffic that is happening between your local terminal and your remote server.
The basics of an SSH command is to say SSH, then provide your username on the VPS or the server, then add and then your server IP. Before we can SSH in, we need to also mention or talk about SSH keys. Instead of using traditional authentication where you have a password and a username, we are going to be using
SSH keys, that is a public key and a private key that is generated cryptographically. So we have a private key that stays on our computer and then a public key that goes to the server. Whenever we try to access our server, it will look up the private key and then ask us for the, so we will look up the public key that it has on the server and then ask us for a private key. This is,
mathematical proof of identity. So we don't send a server over the network. The public key can be thought of as a lock. It's not a secret. You can share it if you want to. The only thing that's really important is the private key, because that is the key to the lock in this analogy. So we're going to go over how you generate it. But first, I also want to touch upon why it's really important for security.
So why is SSH key a good thing for security? Well, first of all, it's almost impossible to brute force it. These keys are typically made of 2048 or 4096 bits, which means that the computational power you'd need to crack this key is gigantic. It's not possible. There's also nothing to intercept. No password descent or the network and network monitors, for example, they cannot grab your credentials.
we can disable login on the server, which we will do in one of the upcoming episodes, so that if someone were to try a bunch of different combinations, they will just get logged out completely. So just with SSH keys plus disabling password authentication on the server, we are stopping a lot of potential attack surfaces. So the way we're gonna be generating SSH key is with a command line tool called ssh-keygen.
where we simply specify the type of algorithm we want to use. We're going to add an email for identification, and we're also going to specify a file name. Typically, if you don't, or the default, if you don't specify a name is that the keys will be called id underscore, and then the algorithm that you are using, where the private one will just be that, and the public version will be dot pop at the end.
I'm going to create one with our final name so we can easier differentiate between the different keys because I have a bunch of keys on my system. So the way we're going to do this, as we're going to say SSH, key gen, we're going to say we want the type of ED25519, which is our modern and secure and also fast algorithm. We're going to say C and it will be modern at master full stack.
The file should go into .ssh and this is the default folder that the SSH keys will live in and we will call it bleeding edge. I need to call this SSH-GEN. There we go. We don't want a passphrase and now we have our SSH key created so if I open it up
You can see here that we have bleedingedge.pop, which is the one we're going to put on the server. We also have the private version that I'm going to show you now, but I will delete it after this video so you can't really use it for anything. And this is the one that we're going to have on our local computer, so we can authenticate ourselves against what is on the server.
