Security Tips

Securing your Linux VPS For dummies

Almost everyone have their own VPS now a days which is running some kind of Linux flavor. Usually people just get the VPS and start using it straight away, without even doing the basic security and setup.

I thought I should write the basic security measures that should be done on a brand new VPS. These steps are no way meant to completely secure your server, but at the very least these steps will make it harder for newbies or wannabes to get break into your server.

Got root?

First thing first, change the root password. Root is the most powerful user on any linux server, make sure you change the password immediately as soon as you get the VPS from your VPS provider.

Login as root and the following command to change your root password.

passwd

SSH: the door to your server.

Change SSH port to some non-default port. The path of sshd configuration file is:

It is never a good idea to keep running the SSH service on the default port which is port 22. Find the line starting with Port and change your port. See the example below.

Port 2014

Disable root login, Find the line starting with “PermitRootLogin” and set it to no, see the example below.

PermitRootLogin no

Restart the sshd service.

service sshd restart

Wanna be a Cop?

In third world countries when cops are looking for bad guys, they close down all the roads and only allow the traffic on the road they are monitoring so they can check all the cars passing through.

Similarly you should close all the ports to your server and only allow ports that you use. Just make sure you allow the new non-default SSH port that you have set above or otherwise you will lock out yourself from your own server.

Paranoid?

You can do more to make your server more secure, for example Google 2-Factor authentication for SSH, install fail2ban, etc etc. Want to know more? Want to secure more? Let me know in comments and I will try to help as much as I can.

Published by

Hameedullah Khan

VR enthusiast, Cloud Architect, Passionate Programmer and Opensource advocate.

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge