arrow_upward

Pages (2):
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Tutorial] How to (properly) secure your VPS
#1
I. Don't use the root account! Create a new sudoer account
Spoiler Expand
(Make sure you install sudo from your package manager if it's not installed)

1. Create the account. Enter all the details that is prompted.
useradd <username>

2. Add the user to the sudoer group
echo '<username> ALL=(ALL) ALL' >> /etc/sudoers

3. Disable root login!
echo 'PermitRootLogin no' >> /etc/ssh/sshd_config

4. Restart sshd
systemctl restart sshd

II. Use SSH Keys!

Linux/Mac client
Spoiler Expand
1. Generate the key.
If prompted for the path, just press enter.
As for the password, it's your choice to use it or not. (Though it's recommended to use a password for the key file)
ssh-keygen -t rsa
2. Copy over the public key to your server
ssh-copy-id <username>@<host>

You can now connect to the server using ssh keys.
Windows
Spoiler Expand
In Progress...

III. Disable password authentication!
Spoiler Expand
1. Just run this command to disable
echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config
2. Restart sshd
systemctl restart sshd

IV. Install fail2ban
CentOS
Spoiler Expand
1. Install
yum install epel-release #Needed repo
yum install fail2ban
2. Run and enable run at startup
systemctl enable fail2ban
systemctl start fail2ban
Debian
Spoiler Expand

apt-get install fail2ban
2. Run and enable run at startup
systemctl enable fail2ban
systemctl start fail2ban
http://FreeVPS.club - Free VPSs!
#2
Does this work to protect vps from hackers?

Google translate
Terminal
Solo Developer
#3
@chanalku91
Will prevent most of the automated bruteforce attacks. Using a nondefault user will make the bruteforce multiple times harder. + disabling password auth makes it nearly impossible.

fail2ban helps to rate limit bruteforcers too. (Doesn't really matter if you disabled password auth as they cant bruteforce your server lol)
http://FreeVPS.club - Free VPSs!
#4
@chanalku91 these security tips can help your VPS from hackers (simple hacking) preventing to enter your VPS but advance hackers is different. There are many ways to hack, so suggested is that you secure your VPS internally and externally, what I mean by externally is that your VPS is protected by 3rd party like having a DDoS protectection etc etc.
#5
for me i still use normal password authentication . Nice tutorial i probably will do it later but still private key is much secure than normal password because private key is much longer than password and on top of that you need the password so its a win win in term of security
Terminal
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5
#6
(05-07-2018, 02:55 PM)Conan Wrote: @chanalku91
Will prevent most of the automated bruteforce attacks. Using a nondefault user will make the bruteforce multiple times harder. + disabling password auth makes it nearly impossible.

fail2ban helps to rate limit bruteforcers too. (Doesn't really matter if you disabled password auth as they cant bruteforce your server lol)

Awesome! Now I do not need to fret with the extreme hacker hacker weaponry
Terminal
Solo Developer
#7
@humanpuff69
Well atleast install fail2ban so you dont get hacked. fail2ban ratelimits the attempts
http://FreeVPS.club - Free VPSs!
#8
(05-08-2018, 04:32 AM)Conan Wrote: @humanpuff69
Well atleast install fail2ban so you dont get hacked. fail2ban ratelimits the attempts

I already installed it now thanks for your suggestion . I used to used it on my old vps and when my vps get spammed the cpu usage for fail2ban just gone crazy . But it does protect the server
Terminal
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5
#9
What about Ubuntu 16.04?
Can you tell me how to install fail2ban on it?
#10
fail2ban?? well can you tell me more about it ?.. i'll try it out, after i know which this fail2ban used for Smile
thanks for tutorial

Thanks to @Post4VPS & @Racknerd for Providing thier : VPS 2

Pages (2):


Possibly Related Threads…
Thread
Author
Replies
Views
Last Post

person_pin_circle Users browsing this thread: 2 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting