Basic Security Steps After Receiving a Linux VPS
Quick Summary
After receiving a Linux VPS, you should secure it before hosting websites, applications, or mail services.
Important
A VPS is usually self-managed unless managed support is included. You are responsible for server security, software, updates, and backups.
Step 1: Change the Root Password
After logging in, run:
passwd
Use a strong password with:
- Uppercase letters
- Lowercase letters
- Numbers
- Symbols
- At least 12 characters
Step 2: Update the Operating System
For Ubuntu or Debian:
apt update && apt upgrade -y
For AlmaLinux, Rocky Linux, or CentOS:
yum update -y
or:
dnf update -y
Step 3: Create a New User
Example:
adduser username
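Give sudo access if needed. On Ubuntu or Debian:
usermod -aG sudo username
On AlmaLinux, Rocky Linux, or CentOS, the administrative group is wheel:
usermod -aG wheel username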
Step 4: Disable Direct Root Login, If Possible
Edit SSH configuration:
nano /etc/ssh/sshd_config
Find:
PermitRootLogin yes
Change to:
PermitRootLogin no
Restart SSH (the service is named ssh on Ubuntu/Debian and sshd on AlmaLinux, Rocky Linux, or CentOS):
systemctl restart ssh
Important
Make sure your new user can log in before disabling root access.
Step 5: Change the Default SSH Port
Edit SSH configuration:
nano /etc/ssh/sshd_config
Find:
Port 22
Change it to another port, for example:
Port 2222
Before restarting SSH, allow the new port in your firewall.
Restart SSH (the service is named ssh on Ubuntu/Debian and sshd on AlmaLinux, Rocky Linux, or CentOS):
systemctl restart ssh
Step 6: Enable Firewall
For Ubuntu/Debian with UFW:
ufw allow ssh
ufw enable
If using a custom SSH port:
ufw allow 2222/tcp
ufw enable
Step 7: Install Fail2Ban
For Ubuntu/Debian:
apt install fail2ban -y
For AlmaLinux/Rocky/CentOS (Fail2Ban is packaged in the EPEL repository, so enable it first):
yum install epel-release -y
yum install fail2ban -y
Step 8: Use SSH Keys
SSH keys are more secure than password login.
Recommended practice:
- Generate an SSH key on your computer.
- Add the public key to your VPS.
- Test SSH key login.
- Disable password login only after confirming key login works.
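The following check is an added example, not part of the original article: it reads an sshd_config file and reports whether the changes from Steps 4, 5 and 8 are actually in effect. The function names and the sample file are constructed for illustration, and it assumes whitespace-separated keywords and a single config file (Include files are not followed).

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config file
# for the settings changed in Steps 4, 5 and 8.
# Assumptions: keyword and value are separated by whitespace, and Include
# files are not followed. Function names are hypothetical.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword; later duplicates are
# ignored. Settings after a Match line are conditional, so scanning stops there.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }            # blank line or comment
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print one line per setting that differs from the article.
audit_sshd() {
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    port=$(effective_value "$1" Port 22)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '$root', expected 'no' (Step 4)"
    fi
    if [ "$port" = "22" ]; then
        echo "Port is still 22 (Step 5)"
    fi
    if [ "$pass" != "no" ]; then
        echo "PasswordAuthentication is '$pass' (Step 8)"
    fi
    return 0
}

# Constructed sample: the hardened line was appended at the bottom, so the
# earlier "PermitRootLogin yes" still wins and "#Port 2222" is only a comment.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
PermitRootLogin yes
#Port 2222
PasswordAuthentication no
PermitRootLogin no
EOF
    audit_sshd "$sample"
    rm -f "$sample"
}
demo
```

On the server itself, sshd -t checks the configuration for syntax errors before a restart, and sshd -T prints the effective values with defaults and Include files resolved.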
Step 9: Install Only Trusted Software
Avoid:
- Nulled scripts
- Unknown installation commands
- Untrusted repositories
- Pirated control panels
- Suspicious plugins
- Unverified mail scripts
Step 10: Set Up Backups
Keep backups of:
- Website files
- Databases
- Configuration files
- Application data
- Email data, if hosted
Important Reminders
- Keep the operating system updated.
- Use strong passwords.
- Close unused ports.
- Monitor login attempts.
- Review logs regularly.
- Keep backup copies outside the VPS.