Linux Server Hardening - VPS
These steps cover ways to harden your Linux server, especially on a VPS. Because a VPS is publicly reachable, adding additional security is crucial.
Initial Server Setup
New Sudo User Setup
- Update System Packages to ensure your system is up to date
sudo apt update && sudo apt list --upgradable && sudo apt upgrade -y && sudo apt autoremove -y
- Set up Timezone, as accurate time is important for logs and scheduled tasks
sudo dpkg-reconfigure tzdata
- Create Non-Root User. Never operate directly as root; create a new user and give it sudo privileges
adduser <your_new_user>
sudo usermod -aG sudo <your_new_user>
On some VPS systems, the SSH public key that root has access to will not work for the new user. You will need to add it manually to the new user's authorized_keys file
- Create the .ssh Directory (if it doesn't exist)
mkdir -p ~/.ssh
chmod 700 ~/.ssh
- Add Public Key
echo "your_public_key_contents" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Log in again as your new user using the SSH key
Secure SSH Connection with SSH Key Only Authentication
It is also very important to disable password login, allow login only with the SSH key you just set up, and set a few other security options
- Login to server and edit SSH Config File
sudo nano /etc/ssh/sshd_config
Modify the file, adjusting the settings below
- LoginGraceTime - This setting defines how long (in minutes) the server will wait for a user to log in before disconnecting. A shorter time can help reduce the window for brute-force attacks.
- PermitRootLogin - If you want to enhance security, consider changing this to PermitRootLogin no to prevent direct root logins. Instead, use a regular user with sudo privileges for administrative tasks.
- StrictModes - This setting ensures that the user's home directory and .ssh directory have the correct permissions. It helps prevent unauthorized access.
- MaxAuthTries - This limits the number of authentication attempts per connection. If a user exceeds this limit, the session will be terminated, which helps mitigate brute-force attacks.
- MaxSessions - This setting limits the number of concurrent sessions per connection. If you have multiple users connecting, you might want to keep it higher.
- Save and Exit
- Restart SSH Service
sudo systemctl restart sshd
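To confirm the settings above actually took effect, the following added example (not part of the original guide) audits the effective configuration that `sshd -T` prints. The function names, the sample input and the numeric thresholds are assumptions chosen for illustration; only "PermitRootLogin no" and disabling password login come from the steps above.

```shell
#!/usr/bin/env bash
# Added example: audit effective sshd settings. Input is `sshd -T` output
# (lowercase "keyword value" lines). Exit status = number of findings.
MAX_AUTH_TRIES=3       # assumed threshold, not from the guide
MAX_GRACE_SECONDS=60   # assumed threshold; sshd -T prints seconds

audit_sshd() {
    awk -v tries="$MAX_AUTH_TRIES" -v grace="$MAX_GRACE_SECONDS" '
        function get(k) { return (k in seen) ? seen[k] : "unset" }
        function want(k, v) {            # setting must equal v exactly
            if (get(k) == v) return 0
            printf "FAIL %s: want %s, got %s\n", k, v, get(k)
            return 1
        }
        function atmost(k, n,    v) {    # numeric in 1..n (logingracetime 0 = no limit)
            v = get(k)
            if (v ~ /^[0-9]+$/ && v + 0 >= 1 && v + 0 <= n + 0) return 0
            printf "FAIL %s: want 1..%d, got %s\n", k, n, v
            return 1
        }
        { seen[$1] = $2 }
        END {
            bad  = want("permitrootlogin", "no")
            bad += want("passwordauthentication", "no")
            bad += want("pubkeyauthentication", "yes")
            bad += want("strictmodes", "yes")
            bad += atmost("maxauthtries", tries)
            bad += atmost("logingracetime", grace)
            exit bad
        }'
}

# Constructed sample: a server still running with permissive settings.
sample_weak() {
    cat <<'EOF'
permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes
strictmodes yes
maxauthtries 6
logingracetime 120
maxsessions 10
EOF
}

sample_weak | audit_sshd || echo "$? finding(s)"
# On a real server: sudo sshd -T | audit_sshd
```

Running `sudo sshd -t` before the restart checks the edited file for syntax errors. Keep your current session open until a new key-based login succeeds, so a mistake does not lock you out.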
