DEV Community

Cover image for Security: How to secure your VPS server
Ousseynou Diop
Ousseynou Diop

Posted on • Updated on

Security: How to secure your VPS server

Originally posted on my blog

A virtual private server (VPS) is a virtual machine sold as a service by an Internet hosting service. The virtual dedicated server (VDS) also has a similar meaning.

Wikipedia

In the modern world, It's impossible to feel 100% secure and safe, vulnerabilities are everywhere.

The security industry is one of the fastest growing industries in the world today, every day compagnies complain about hacking or some security issue, what ever the size of your company you must be conscience about hacking and hacker.
In this modern age, security is very important.

Security should be one of your priorities, physics and logics.

In this article i will share with you some tips to secure your VPS server.

1- Upgrade your system

Three reason to upgrade your system

1- Get full advantages of new features and functionalities
2- Bug fixes and Security improvement
3- Remove some outdated packages

Before you update your system make sure you have created a new user different of the default user AKA root.

Login To Your Server

$ ssh root@<your.ip.address>
Enter fullscreen mode Exit fullscreen mode
root@<servername>:~#
Enter fullscreen mode Exit fullscreen mode

Create a new user

$ adduser <username>

Enter fullscreen mode Exit fullscreen mode

Give root privileges

$ usermod -aG sudo <username>
Enter fullscreen mode Exit fullscreen mode

Create SSH Keys

SSH keys provide a more secure way of logging into a server with SSH than using a password alone.

Do this in your machine and hit enter all the way through it will generate a public and private key.

ssh-keygen
Enter fullscreen mode Exit fullscreen mode

Copy the public key

$ cat ~/.ssh/id_rsa.pub
Enter fullscreen mode Exit fullscreen mode

In your server

$ cd /home/username/
$ mkdir .ssh
cd .ssh
nano authorized_keys
Paste the key and hit "ctrl-x", hit "y" to save and "enter" to exit
Enter fullscreen mode Exit fullscreen mode

Login as new user

$ ssh username@<your.ip.address>
Enter fullscreen mode Exit fullscreen mode

Run this command to update the packages :

$ sudo apt update
$ sudo apt upgrade
Enter fullscreen mode Exit fullscreen mode

2- Disable Root Login

Security expert highly recommended to not use root user .

$ sudo nano /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode

Make some changes

PermitRootLogin no
PasswordAuthentication no
Enter fullscreen mode Exit fullscreen mode

Reload sshd service

$ sudo systemctl reload sshd
Enter fullscreen mode Exit fullscreen mode

3- Configure a FireWall

In this article i use ufw firewall, is very easy to setup and it's good for most use cases.

See which apps are registered with the firewall

$ sudo ufw app list
Enter fullscreen mode Exit fullscreen mode

Allow openSSH

$ sudo ufw allow OpenSSH
Enter fullscreen mode Exit fullscreen mode

Check the status

$ sudo ufw status
Enter fullscreen mode Exit fullscreen mode

4- Install Fail2Ban

Fail2ban is a log-parsing solution that monitors system logs for symptoms of an automated attack on your Server.
Basically, Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc.

$ apt-get install fail2ban
Enter fullscreen mode Exit fullscreen mode

The system will start automatically

In order to get it work right you need to configure it and the article can't cover all the details, you can find online resources.

Thank you for reading.

Any tips, idea or suggestion ?

Top comments (0)