VPS Security Best Practices
Securing your VPS is essential to protect your applications and database files from brute-force attacks and scans.
1. Disable Root Password Login
We recommend using SSH keys instead of passwords.
To disable password login:
- Open the SSH server configuration file:
sudo nano /etc/ssh/sshd_config
- Find or add the following parameter and set it to no:
PasswordAuthentication no
- Save the file and restart the SSH service:
sudo systemctl restart ssh
2. Change Default SSH Port
Changing the default SSH port from 22 to a custom random port (e.g. 2288) cuts down on automated bot scans:
- Open SSH config: /etc/ssh/sshd_config
- Change #Port 22 to Port 2288
- Save the file, allow the port in your firewall (sudo ufw allow 2288/tcp), and restart SSH.
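The "find or add" step in section 1 and the #Port 22 edit in section 2 can both be saved without taking effect: a PasswordAuthentication line added below an earlier one is ignored, and a Port line left commented out changes nothing. The script below is an added example, not part of the original page, that checks a config file for both cases; the function names global_values and audit are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example; sample config files below are constructed.
# sshd uses the FIRST value it reads for most keywords, so a
# "PasswordAuthentication no" appended below an earlier "yes" has no effect.
# Port is different: every Port line adds a listening port.
# Limits: Include files are not followed; parsing stops at the first Match block.

# global_values FILE KEYWORD -> one value per line, in file order
global_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }            # comments ("#Port 22") and blank lines
        { key = tolower($1) }
        key == "match" { exit }            # conditional section starts here
        key == want { print tolower($2) }
    ' "$1"
}

# audit FILE -> returns 0 only if both settings from the page are in effect
audit() {
    rc=0
    pw=$(global_values "$1" PasswordAuthentication | head -n 1)
    # sshd defaults to "yes" when the keyword is absent
    [ "${pw:-yes}" = "no" ] || { echo "password login enabled (effective: ${pw:-yes})"; rc=1; }
    ports=$(global_values "$1" Port | tr '\n' ' ')
    # sshd defaults to port 22 when no Port line is active
    case " ${ports:-22 }" in
        *" 22 "*) echo "sshd still listens on port 22"; rc=1 ;;
    esac
    return $rc
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Constructed sample: the new line was appended, but the earlier line wins,
# and the Port line is still commented out.
printf '%s\n' '#Port 22' 'PasswordAuthentication yes' 'UsePAM yes' \
    'PasswordAuthentication no' > "$tmp/appended.conf"
# Constructed sample: both settings applied as the page describes.
printf '%s\n' 'Port 2288' 'PasswordAuthentication no' 'UsePAM yes' \
    > "$tmp/hardened.conf"

audit "$tmp/appended.conf" || echo "appended.conf: FAIL"
audit "$tmp/hardened.conf" && echo "hardened.conf: OK"
```

On a live server, sudo sshd -t validates the file before you restart SSH, and sudo sshd -T prints the configuration sshd will actually use, including any Include files this script does not follow.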
3. Install Fail2ban
Fail2ban automatically blocks IPs showing malicious signs, such as too many failed password attempts:
sudo apt update
sudo apt install fail2ban -y
sudo systemctl start fail2ban
sudo systemctl enable fail2ban