The term VPS refers to a virtual private server. It’s a web hosting service that divides a bare-metal server into smaller virtual machines. These virtual machines are then rented out for a fraction of the cost of a dedicated server, and each one functions as a separate server with its own operating system and resources.
As you may have guessed, a Linux VPS Malaysia is a virtual private server that runs a Linux distribution such as Debian, Ubuntu, CentOS, RHEL, and so on.
1. Using complex and unpredictable passwords
Choosing a secure password is the most critical step in securing a Linux VPS.
The first attempt by hackers to penetrate your system will be through Brute Force attacks. It’s practically hard for them to obtain access to your server if you use a complex and unpredictable password.
Here are some suggestions for creating a complicated password:
Use a minimum of 12 characters.
Make use of both upper and lower case letters.
Place numbers in between the letters.
Use characters that aren’t numeric or letters.
2. Disable login with root user
As a root user, you will have complete control over your Linux VPS Terminal and will be able to make any changes you want. When you disable root user login, the individual who logs in will no longer be able to use root rights. This is a good precaution to take because the user will have to input the password again to acquire access to root powers.
Open the file “etc/ssh/sshd_config/” with an editor:
nano /etc/ssh/sshd_config
Look for the following statement in this file and change the word yes to no.
# Prevent root logins:
PermitRootLogin no
Restart the SSH service after making changes and save the file.
service ssh restart
3. Restrict user logins to secure VPS
You may have a large number of usernames on your server, but only a few of them need to be logged in.
Assume you have ten Linux VPS users, but only two of them (Sophia and Emma) should be able to login to the server remotely.
Open the sshd config file with an editor to limit Linux VPS users.
nano /etc/ssh/sshd_config
After the file is opened,
AllowUsers Sophia Emma
Restart the SSH service after making changes and save the file.
Service ssh restart
4. Disable protocol 1
Protocol 1 and Protocol 2 are the two protocols used by the SSH service. Protocol 1 is less secure than Protocol 2, hence you should utilise Protocol 2 in your conversations.
In order to disable protocol 1, open the “sshd_config” file with an editor.
nano /etc/ssh/sshd_config
Find the following statement and change to “protocol 2”.
# Protocol 2,1
Protocol 2
Restart the SSH service after making changes and save the file.
Service ssh restart
5. Use non-standard ports for SSH
Because the default SSH service port is 22, hackers will examine this port first. Administrators may change the SSH port to 2222 in some instances, but you should be aware that hackers will check port 22 first, and if that fails, they will switch to port 2222. It’s preferable to choose ports with a large number of digits that aren’t used by other services. The optimum range is 10,000 to 65,000, with the most of them being free.
We have a comprehensive explanation on how to change the SSH port that will assist you in gaining a thorough understanding of the process.
6. Filter SSH connections with a firewall
You can use the following command to isolate your connection to the SSH service if you only connect remotely to the server and use a certain IP.
iptables -A INPUT -p tcp -s 5.56.233.9 -dport 22 -j -ACCEPT
By entering the above command, you can only connect to the server from a system that has an IP address of 5.56.233.9.
If you want to access the server from all locations, enter the below commands:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh –rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
In the first command, you grant all IPs access to port 22.
The second command instructs the firewall to prohibit IPs that deliver numerous requests in under 60 seconds.
7. Use the Security Keys for identification
You don’t need to enter a password to use your terminal. You can totally eliminate password logging, requiring no password to connect to the server. This feature safeguards against some types of attacks, such as brute force.
8. Keep servers up to date
One of the most important things to remember is to keep your server updated. Linux VPS servers should be updated on a regular basis to address security and performance issues. Security upgrades and patches for recently found vulnerabilities are frequently included in newly released versions of an operating system. Hackers may use these vulnerabilities to obtain access to your Linux VPS if your server is not up to date.