VPS Security

This guide will help you secure your VPS server against unauthorized access and attacks.

Overview

System Updates

First, update your system:

apt update
apt upgrade -y

Automatic Updates

apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades

Creating a Non-Root User

Create a new user for daily work:

adduser newuser
usermod -aG sudo newuser

Now log in as the new user and use sudo for administrative tasks.

SSH Key Setup

Generate a Key

On your local machine:

ssh-keygen -t ed25519 -C "[email protected]"

Copy Key to Server

ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]

Verify Connection

ssh [email protected]

SSH Configuration

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Recommended Settings

After changes, restart SSH:

sudo systemctl restart sshd

Warning: Before disconnecting, verify you can log in with the new method!

Firewall Setup (UFW)

# Installation
sudo apt install ufw
 
# Allow SSH (YOUR port!)
sudo ufw allow 2222/tcp
 
# Allow HTTP/HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
 
# Allow from specific IP
sudo ufw allow from 192.168.1.100 to any port 2222
 
# Enable firewall
sudo ufw enable
 
# Show status
sudo ufw status verbose

Fail2ban Installation and Configuration

Fail2ban protects against brute-force attacks:

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Custom Configuration

sudo nano /etc/fail2ban/jail.local

[sshd]
enabled = true
port = 2222
maxretry = 3
bantime = 3600
findtime = 600

sudo systemctl restart fail2ban

Security Checklist

Emergency Recovery

Locked Out of Server

If you cannot log in:

1. Open VNC Console in the CoreSynth dashboard
2. Log in as root
3. Check and fix SSH settings
4. Restart SSH: systemctl restart sshd

Disable Firewall via VNC

ufw disable

Next Steps

• Linux Basics — Get familiar with the terminal
• Firewall — Advanced firewall configuration
• Backups — Back up your data

Need help? Open a support ticket  or ask Alex.