Aiming to enhance the security of network and information systems within the EU, NIS2 came into force in October 2024, causing a headache to many organizations. Compared to NIS, NIS2 simplifies reporting obligations. However, it imposes more stringent measures and sanctions, making the compliance journey rather complicated. For many companies, ensuring that their cloud infrastructure remains secure and achieving compliance is now a top priority. The truth is that a typical compliance process includes security assessments, auditing, consulting and implementation, that may last for about 12 months. It is a process bearing a significant cost for the organizations, both in terms of human and financial resources.

But are all organizations affected by the NIS2 Directive?

The answer is NO. The NIS2 Directive is estimated to affect about 160K companies, covering a total of 15 sectors (energy, health, transport, finance, water supply, digital infrastructure, public administration, digital providers, postal services, waste management, space, foods, manufacturing, chemicals and research). Furthermore, it applies only to entities that provide essential or important services to the European economy and the European society. To make sure whereas your organization falls under the NIS2’s scope, you can check the information provided in the ANEX I of the EU Directive 2022/2555 here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2555#anx_I

Or:

• if you are operating in the Greek market, you can take a NIS2 eligibility test here: https://cyber.gov.gr/nis2-scope/
• if you are operating in the Spanish market, you can check the website of INCIBE (Instituto Nacional de Ciberseguridad), here: https://www.incibe.es/incibe-cert/sectores-estrategicos/eres-NIS2

What changes?

The NIS2 introduces new requirements and obligations for the organizations, focusing in four areas: (i) risk management, (ii) corporate accountability, (iii) reporting obligations and (iv) business continuity.

Cyber risks need to be minimized through measures, like enhanced network, encryption and better access control, among others. The above-mentioned cybersecurity measures need to be overseen and approved by the corporate management. At the same time, the whole entity needs to be trained on them, resulting on strengthened corporate accountability being mandatory. In terms of reporting, the organizations need to establish processes, ensuring prompt reporting of security incidents. In the meantime, specific notification deadlines apply, such as the 24-hour “early warning”. Finally, all organizations need to to ensure the continuity of their business, in case a major cyber incident happens. Their plans are expected to include system recovery measures, emergency procedures and crisis-handling teams.

Overall, organizations are expected to ensure security of their cloud infrastructure and systems and achieve compliance with the requirements of the Directive. Apart from the four overarching areas described above, the NIS2 Directive requires the implementation of 10 baseline security measures, so that organizations are able to address specific forms of cyberthreats. The 10 minimum measures include:

How can you comply?

Το άρθρο How NIS2 ready are you? εμφανίστηκε πρώτα στο Antyxsoft.

When you rent a Virtual Private Server (VPS), one of the first things you’ll need is a secure way to connect to it and manage it remotely. That’s where SSH, or Secure Shell, comes in.

SSH is a cryptographic network protocol that allows you to securely access and control a remote machine over an unsecured network. It’s the standard way system administrators, developers, and IT professionals manage Linux-based servers from anywhere in the world.

Unlike traditional remote access methods that may transmit data in plain text, SSH encrypts all communication between your local computer and the remote server. This ensures that sensitive information—such as login credentials, commands, and transferred files—remains private and protected from eavesdropping or tampering.

Whether you’re setting up a web server, deploying an application, or automating tasks on your VPS, SSH is an essential tool that gives you full control over your server environment—safely and reliably.

The SSH Daemon

Behind every secure SSH connection is a background service running on your server called the SSH Daemon, or sshd. This daemon is responsible for listening to incoming SSH connection requests, authenticating users, and managing encrypted sessions.

When you connect to your VPS via SSH, it’s the sshd process on the server that accepts your request, verifies your credentials (e.g., password or SSH key), and then grants you secure access to the system.

The behavior of the SSH Daemon is controlled by its main configuration file, located at: /etc/ssh/sshd_config. This file contains a wide range of settings that determine how SSH connections are handled—everything from which authentication methods are allowed, to which users can log in, to what port the service listens on.

After making changes to sshd_config, the SSH service must be reloaded or restarted for changes to take effect: systemctl restart sshd

Common SSHD Configuration Options

Here are some of the most commonly used and useful options in the sshd_config file:

• Port
  Defines which port sshd listens on (default is 22). Changing it can help reduce automated attack attempts.
• PermitRootLogin
  Controls whether the root user is allowed to log in via SSH. It’s good practice to disable this for better security.
• PasswordAuthentication
  Enables or disables login with a username and password. Turning this off enforces key-based authentication only.
• AllowUsers / DenyUsers
  Specifies which user accounts can or cannot log in via SSH.
• MaxAuthTries
  Limits the number of authentication attempts per session to prevent brute-force attacks.

When you enable ssh to your VPS it is crucial to take the time to review and configure the SSH Daemon settings can greatly improve your server’s security. Disabling root login, enforcing SSH key authentication, and limiting user access are simple but powerful steps toward hardening your system.

SSH Clients: How to Connect to a Linux Server

To establish an SSH connection to your VPS, you’ll need an SSH client—a program that initiates the connection from your local machine to the remote server. Depending on your operating system, there are different tools available, each with its own interface and features.

Let’s take a look at the most widely used SSH clients.

1. The ssh Command (macOS, Linux, Windows 10+)
   On Linux, macOS, and modern versions of Windows (Windows 10 and 11), the ssh command is built right into the terminal. This makes it the fastest and most convenient way to connect to your VPS.
   Basic Syntax:
   ssh username@server_ip
   You can also specify a custom port if your server uses something other than the defaultport 22 with the -p flag. For example: ssh username@server_ip
2. PuTTY (Windows)
   For Windows users who prefer a graphical interface, PuTTY is one of the most popular SSH clients. It’s lightweight, open-source, and easy to use.
   Key features:
   – Simple GUI for entering IP, username, and port
   – Support for saved sessions
   – Built-in key generator (PuTTYgen)
   – SSH tunneling (port forwarding)
   How to use it:
   1. Download and install PuTTY from the official site.
   2. Enter the IP address (or domain name) of your VPS in the “Host Name” field.
   3. Set the SSH port (default is 22).
   4. Click Open to connect.

Other Popular Clients

• Termius (Windows, macOS, Linux, iOS, Android)
  A modern SSH client with a polished interface and cloud sync features. Great for managing multiple servers from different devices.
• MobaXterm (Windows)
  Combines an SSH client, X server, and many Unix tools in a single portable app. Ideal for advanced users working in a Windows environment.
• OpenSSH for Windows
  Available via the built-in Windows Terminal or PowerShell. Offers the same command-line ssh tool as Linux/macOS.

SSH Hardening: Securing Your Server Access

Out of the box, SSH provides encrypted communication between your device and your server. But to truly secure your VPS and reduce the risk of unauthorized access, you should harden your SSH configuration using industry best practices.

This includes disabling password authentication, limiting user access, changing default ports, and—most importantly—using SSH key-based authentication.

SSH Key Pairs: The Secure Way to Log In

SSH key authentication replaces traditional passwords with a much stronger and more secure login method. It uses a pair of cryptographic keys:

• Public Key – Placed on the server. ~/.ssh/authorized_keys
• Private Key – Stored securely on your local machine and never shared

When you attempt to connect to the server, SSH uses the private key to prove your identity—no password required.

Benefits of Using SSH Keys

• Stronger Security – Keys are extremely difficult to brute-force
• No Passwords Sent – Nothing sensitive is transmitted over the network
• Automation-Friendly – Great for scripts, backups, and deployments

How to Generate and Use SSH Keys

Step 1: Generate the key pair (on your local machine)

To generate a SSH key-pair the ssh-keygen command will be used.
Basic syntax: ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

• -t rsa: Use RSA key type
• -b 4096: Key length (4096 bits recommended)
• -C: Comment to identify the key

You’ll be prompted to save the key, usually in ~/.ssh/id_rsa and optionally set a passphrase for added protection.

Step 2: Copy the public key to your server

To copy the generated ssh key the ssh-copy-id will be used.
Basic syntax: ssh-copy-id user@your_server_ip
Alternatively, manually copy the contents of your id_rsa.pub file to the server’s ~/.ssh/authorized_keys file.

Step 3: Log in using your key

After you successfully copy the public key to your VPS you can run ssh user@your_server_ip to connect to the server. If configured correctly, you’ll be logged in without entering a password.

Get Started with Antyxsoft

Το άρθρο Getting Started with SSH: How to Securely Connect to Your VPS εμφανίστηκε πρώτα στο Antyxsoft.