[Conan]

I. Don't use the root account! Create a new sudoer account

Spoiler Expand

(Make sure you install sudo from your package manager if it's not installed)

1. Create the account. Enter all the details that is prompted.

Code: (Select All)

useradd <username>

2. Add the user to the sudoer group

Code: (Select All)

echo '<username> ALL=(ALL) ALL' >> /etc/sudoers

3. Disable root login!

Code: (Select All)

echo 'PermitRootLogin no' >> /etc/ssh/sshd_config

4. Restart sshd

Code: (Select All)

systemctl restart sshd

II. Use SSH Keys!

Linux/Mac client

Spoiler Expand

1. Generate the key.
If prompted for the path, just press enter.
As for the password, it's your choice to use it or not. (Though it's recommended to use a password for the key file)

Code: (Select All)

ssh-keygen -t rsa

2. Copy over the public key to your server

Code: (Select All)

ssh-copy-id <username>@<host>

You can now connect to the server using ssh keys.

Windows

Spoiler Expand

In Progress...

III. Disable password authentication!

Spoiler Expand

1. Just run this command to disable

Code: (Select All)

echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config

2. Restart sshd

Code: (Select All)

systemctl restart sshd

IV. Install fail2ban
CentOS

Spoiler Expand

1. Install

Code: (Select All)

yum install epel-release #Needed repo
yum install fail2ban

2. Run and enable run at startup

Code: (Select All)

systemctl enable fail2ban
systemctl start fail2ban

Debian

Spoiler Expand

Code: (Select All)

apt-get install fail2ban

2. Run and enable run at startup

Code: (Select All)

systemctl enable fail2ban
systemctl start fail2ban

[chanalku91]

Does this work to protect vps from hackers?

Google translate

[Conan]

@chanalku91
Will prevent most of the automated bruteforce attacks. Using a nondefault user will make the bruteforce multiple times harder. + disabling password auth makes it nearly impossible.

fail2ban helps to rate limit bruteforcers too. (Doesn't really matter if you disabled password auth as they cant bruteforce your server lol)

[Vuluts]

@chanalku91 these security tips can help your VPS from hackers (simple hacking) preventing to enter your VPS but advance hackers is different. There are many ways to hack, so suggested is that you secure your VPS internally and externally, what I mean by externally is that your VPS is protected by 3rd party like having a DDoS protectection etc etc.

[humanpuff69]

for me i still use normal password authentication . Nice tutorial i probably will do it later but still private key is much secure than normal password because private key is much longer than password and on top of that you need the password so its a win win in term of security

[chanalku91]

@chanalku91
Will prevent most of the automated bruteforce attacks. Using a nondefault user will make the bruteforce multiple times harder. + disabling password auth makes it nearly impossible.

fail2ban helps to rate limit bruteforcers too. (Doesn't really matter if you disabled password auth as they cant bruteforce your server lol)

Awesome! Now I do not need to fret with the extreme hacker hacker weaponry

[Conan]

@humanpuff69
Well atleast install fail2ban so you dont get hacked. fail2ban ratelimits the attempts

[humanpuff69]

@humanpuff69
Well atleast install fail2ban so you dont get hacked. fail2ban ratelimits the attempts

I already installed it now thanks for your suggestion . I used to used it on my old vps and when my vps get spammed the cpu usage for fail2ban just gone crazy . But it does protect the server

[youssefbasha]

What about Ubuntu 16.04?
Can you tell me how to install fail2ban on it?

[YOuNeS_Dz]

fail2ban?? well can you tell me more about it ?.. i'll try it out, after i know which this fail2ban used for
thanks for tutorial