Update Your Server #
Before doing anything else, make sure your server’s software is up to date. Run the following commands:
sudo apt update
sudo apt upgrade -y
This ensures that your system has the latest security patches and software updates.
Create a New User with Sudo Privileges #
For security purposes, it’s recommended to avoid using the root user for daily tasks. Instead, create a new user with sudo privileges:
sudo adduser yourusername
sudo usermod -aG sudo yourusername
Replace yourusername
with your desired username. Now, you can switch to this user:
su - yourusername
Change the Default SSH Port #
Disclaimer, do this on a new server, or never do it! High chance that any mistake you will close out yourself from the server!
Changing the default SSH port from 22 to a non-standard port can reduce the chances of automated attacks:
sudo nano /etc/ssh/sshd_config
Find the line:
#Port 22
Uncomment it and change 22 to your preferred port number, for example, 2200:
Port 2200
Enable SSH Key Authentication #
- Add your public key to the VPS key store:
echo "your_public_key" >> ~/.ssh/authorized_keys
Check first that you can connect with SSH key!
- Disable password authentication by editing the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Ensure the following lines are set:
PasswordAuthentication no
- Restart SSH to apply the changes:
sudo systemctl restart ssh
Keep Your Server Updated #
Regularly updating your server is one of the best ways to protect against vulnerabilities:
sudo apt update && sudo apt upgrade -y
You can also enable automatic updates:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
This will automatically install security updates.