VPS Server Hardening Guide
This guide covers essential steps to harden a Linux VPS against unauthorized access and attacks.
1. Update Your System
sudo apt update && sudo apt upgrade -y2. Create a New User
sudo adduser myadmin
sudo usermod -aG sudo myadmin3. Set Up SSH Key Authentication
ssh-keygen -t ed25519
ssh-copy-id myadmin@your_server_ip4. Disable Root SSH Login and Password Authentication
Edit the SSH config file:
sudo nano /etc/ssh/sshd_configRecommended settings:
PermitRootLogin no
PasswordAuthentication noRestart SSH:
sudo systemctl restart sshFor a complete guide on disabling password login and securing SSH, see: Disable SSH Password Login (Jink Host Guide)
5. Enable UFW Firewall
sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw status verbose6. Configure sysctl for Network Hardening
sudo nano /etc/sysctl.d/99-sysctl.confnet.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.disable_ipv6 = 1sudo sysctl -p /etc/sysctl.d/99-sysctl.conf7. Install Fail2Ban
sudo apt install fail2ban -ysudo nano /etc/fail2ban/jail.local[sshd]
enabled = true
port = ssh
backend = systemd
bantime = 3600
findtime = 600
maxretry = 5sudo systemctl restart fail2ban8. Enable Automatic Security Updates
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure unattended-upgrades9. Secure File Permissions
chmod 600 ~/.ssh/authorized_keys
chown -R $USER:$USER ~/.ssh10. Audit Listening Services
sudo ss -tulnConclusion
Completing these steps provides a solid foundation for VPS security. For enhanced protection, regularly update your system and review logs. For additional SSH configuration, consult the linked guide above.
