Operating a VPS (Virtual Private Server) requires careful attention to security, as an improperly secured server is vulnerable to hacking, data breaches, and system damage. However, basic security measures can prevent most of these risks. In this article, we will explore key settings to strengthen VPS security. Learn how to make your server safer through the following steps.
1. Enhancing SSH Security
SSH is a protocol used for remote access to servers, making security reinforcement crucial. Allowing SSH access solely through passwords can be a major security weakness. A recommended alternative is using SSH keys.
1.1 Using SSH Keys Instead of Passwords
SSH keys provide more security than passwords and offer stronger protection against brute-force attacks.
1. Generate an SSH key on your local machine:
ssh-keygen -t rsa -b 40962. Upload the generated public key to your server:
ssh-copy-id user@your_server_ip3. Disable password authentication on the server:
sudo nano /etc/ssh/sshd_configSet `PasswordAuthentication no`, then save.
4. Restart the SSH service:
sudo systemctl restart ssh1.2 Changing the SSH Port
By default, SSH uses port 22. Changing the port can help reduce brute-force attack attempts.
1. Modify the port in the `/etc/ssh/sshd_config` file:
sudo nano /etc/ssh/sshd_configFor example, change the port to 2222:
Port 22222. Open the new port in the firewall:
sudo ufw allow 2222/tcp3. Restart the SSH service:
sudo systemctl restart ssh2. Configuring the Firewall (UFW)
A firewall is a basic tool for protecting your server from external threats. On Ubuntu, you can easily configure a firewall using `UFW (Uncomplicated Firewall)`.
Installing and Configuring UFW
1. Install UFW:
sudo apt install ufw2. Allow only the necessary ports for SSH, HTTP, and HTTPS:
sudo ufw allow 2222/tcp # SSH port
sudo ufw allow 80/tcp # HTTP port
sudo ufw allow 443/tcp # HTTPS port3. Enable the firewall:
sudo ufw enable4. Check the firewall status:
sudo ufw status3. Installing Fail2Ban
If your server is under brute-force attack, `Fail2Ban` can be installed to block the attacker’s IP address. This tool analyzes server logs to detect suspicious activities and automatically blocks them.
Configuring Fail2Ban
1. Install Fail2Ban:
sudo apt install fail2ban2. Configure it to protect against SSH attacks:
sudo nano /etc/fail2ban/jail.localAdd the following content:
[sshd]
enabled = true
port = 2222
maxretry = 5
findtime = 600
bantime = 36003. Restart the service:
sudo systemctl restart fail2ban4. Configuring Automatic Updates
Another critical factor in maintaining server security is keeping security patches up-to-date. Patching vulnerabilities quickly is essential to protecting the server from hackers. Let’s see how to configure automatic updates.
1. Install the unattended-upgrades package:
sudo apt install unattended-upgrades2. Edit the configuration to enable automatic updates:
sudo dpkg-reconfigure --priority=low unattended-upgrades5. Disabling Root SSH Access
Allowing SSH access via the root account is highly dangerous for security. It’s safer to use a regular account and gain root privileges only when necessary using the `sudo` command.
1. Edit the `/etc/ssh/sshd_config` file to disable root access:
sudo nano /etc/ssh/sshd_configFind and modify the following setting:
PermitRootLogin no2. Restart the SSH service:
sudo systemctl restart sshWhy SSH access through the root account is highly dangerous
- Easily targeted for brute-force attacks: The root account is a default account on every server, making it a primary target for attackers. Brute-force attempts to access the root account increase the risk.
- Complete access to all system privileges: If attackers gain access to the root account, they can manipulate all files, settings, and data, granting them total control over the system.
- Lack of privilege management: Using the root account allows operations with full privileges, increasing the risk of accidental deletion or damage to critical system files. On the other hand, regular accounts can use the `sudo` command when necessary, preventing unnecessary system changes.
- Difficult to trace in case of security incidents: Direct root access makes it hard to track who performed what actions. When multiple users use the root account, it’s challenging to identify the person responsible for system problems. Using regular accounts with `sudo` leaves logs for easier tracking.
- Basic security guidelines ignored: Most security guides recommend disabling direct root access. Ignoring this leaves a major security vulnerability, making the server more prone to attacks.
For these reasons, it’s much safer to block direct SSH access for the root account and use regular accounts with the `sudo` command for necessary privileges.
6. Installing Server Monitoring Tools
Continuously monitoring your server’s status is another important aspect of maintaining security. Tools like basic logs, including Fail2Ban logs, as well as CPU, memory, and network usage monitoring, can be helpful.
Installing Netdata
`Netdata` is a real-time monitoring tool that visualizes CPU, memory, traffic, and more.
bash <(curl -Ss https://my-netdata.io/kickstart.sh)7. Checking for Security Updates
Regularly checking for and applying security patches is essential for maintaining server security.
Checking and Installing Updates
Use the following command to check and apply updates:
sudo apt update && sudo apt upgrade8. Checking Logs
Regularly checking log files for any anomalies on the server is important. For example, you can check the SSH login attempts with the following command.
sudo cat /var/log/auth.logConclusion: Security is the Key to Stable Server Operations
The security settings discussed so far are essential for server operations. SSH security, firewall configuration, and automatic updates are fundamental. By properly implementing these measures, you can significantly enhance the security of your server. Always remember that your server is a potential target for attacks, so it’s crucial to regularly audit security measures. Strengthen your server’s security starting today!