Last updated: 26/1/2021

Secure VPS

things important to do, to secure a server

these are some few steps, to make your vps a bit more secure.

SSH

first you should have a normal account(not root), with sudo privelege.

Disable Root Access

edit ssh config file: /etc/ssh/sshd_config

PermitRootLogin no

Use Keys instead of Password

in your local machine run:

ssh-keygen

when you finish, run:

ssh-copy-id user@server_ip

now try to access your server, you should get in without a password. back to server again, let's disable password access, edit ssh config file: /etc/ssh/sshd_config

PasswordAuthentication no

Change SSH Default Port

edit ssh config file: /etc/ssh/sshd_config

Port 2221

finally run this, to reload configuration.

sudo systemctl restart sshd

Fail2Ban

you should also install fail2ban to prevent bruteforcing your server

For Fun

you may want to install a dumy ssh server on port 22, to waste hackers time for example there is a project called endlessh

Firewall

you can simply use ufw, and allow only required services, like http, ssh

sudo ufw allow http
sudo ufw allow https
sudo ufw allow ssh
sudo ufw allow 2221
sudo ufw enable