Increase Debian-based Linux VPS server’s security


When you buy a new virtual private server (VPS), most providers hand over the machine with remote root access over SSH, which is not safe.

This article provides some tips to help you increase your VPS server’s security. Let’s start setting up.

First of all, connect to your new server:

ssh root@your_servers_ip

Note: your provider should send the SSH credentials for the new VPS server by email.

Create a new user with the “adduser” command:

adduser user

The system starts an interactive prompt and asks you to enter some details:

root@your_servers_id:~# adduser user
Adding user `user' ...
Adding new group `user' (1000) ...
Adding new user `user' (1000) with group `user' ...
Creating home directory `/home/user' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for user
Enter the new value, or press ENTER for the default
    Full Name []: My User
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n] y

Note: you may leave the first five fields blank and just press “Enter”, but the last line needs confirmation.

Now add the new user to the sudo group so that it can run commands as root:

usermod -aG sudo user

If your machine doesn’t have the “sudo” utility, you need to install it:

apt update && apt install sudo -y

Log out and log back in as the newly created user:

ssh user@your_servers_ip

Now remove the root user’s password:

sudo passwd -d root

Disable root login over SSH. Edit the /etc/ssh/sshd_config file, find PermitRootLogin and set its value to no:

PermitRootLogin no

After making the changes, restart the sshd service:

sudo systemctl restart sshd.service

Disable IPv6. Add the following lines at the bottom of the /etc/sysctl.conf file:

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

Apply the changes without restarting the system:

sudo sysctl -p

Install the UFW utility to manage network access:

sudo apt install ufw -y

Add a UFW rule for the OpenSSH service to restrict access to your server:

sudo ufw allow from X.X.X.X to any port 22

Where X.X.X.X is your router’s external address.

Enable UFW so that it starts automatically when the system boots:

sudo ufw enable
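
To check the two root-related steps above (removing root’s password and setting PermitRootLogin), here is an added example that is not part of the original article: it reads sshd_config text the way sshd does (the first value for a keyword wins, Match blocks are conditional) and classifies the password field of a shadow line. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and all sample
# data below are constructed for illustration.

# Print the effective global PermitRootLogin for sshd_config text on stdin.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, "=" may separate keyword and value, and everything after
# a Match line is conditional. Include'd files are not followed here.
effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # normalise the line
        /^#/ || /^$/ { next }                              # comments, blanks
        { key = tolower($1) }
        key == "match" { exit }                            # global section ends
        key == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? "prohibit-password" : val) }  # OpenSSH default
    '
}

# Classify the password field of one /etc/shadow line read from stdin.
# "passwd -d" leaves the field empty (no password at all); a leading "!" or
# "*" means password login is locked; anything else is a password hash.
shadow_password_state() {
    awk -F: '
        $2 == ""     { print "empty";  exit }
        $2 ~ /^[!*]/ { print "locked"; exit }
                     { print "set";    exit }
    '
}

# Constructed sample 1: "PermitRootLogin no" was appended at the bottom while
# an earlier uncommented line is still present, so the earlier one wins.
SAMPLE_APPENDED='Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no'

# Constructed sample 2: the existing line was edited in place; the value
# inside the Match block does not change the global setting.
SAMPLE_EDITED='Port 22
#PermitRootLogin prohibit-password
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password'

printf '%s\n' "$SAMPLE_APPENDED" | effective_permit_root_login  # yes
printf '%s\n' "$SAMPLE_EDITED"   | effective_permit_root_login  # no
printf '%s\n' 'root::19800:0:99999:7:::' | shadow_password_state  # empty
```

On the server itself, sudo sshd -T prints the configuration sshd will actually use, including any Include'd files, and sudo passwd -S root reports the root password status.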