Securing Your VPS: Basic Server Hardening

Proactive Server Security

Beyond a basic firewall, there are several key steps you can take to "harden" your Arh24.com VPS against common automated attacks and unauthorized access. This guide covers fundamental security enhancements.

1. Change the Default SSH Port

Automated bots constantly scan for SSH on the default port 22. Changing it reduces log noise and the risk of brute-force attacks.

1. Open the SSH configuration file with a text editor like nano:

   sudo nano /etc/ssh/sshd_config

2. Find the line #Port 22. Uncomment it (remove the #) and change 22 to a custom port number between 1025 and 65535 (e.g., Port 2255).
3. Save the file (Ctrl+O, Enter) and exit nano (Ctrl+X).
4. Important: You must allow your new port through the firewall BEFORE restarting SSH:

   sudo ufw allow 2255/tcp

5. Restart the SSH service to apply the change:

   sudo systemctl restart sshd

Note: From now on, you will need to specify the new port when connecting via SSH (e.g., ssh newuser@YOUR_SERVER_IP -p 2255).

2. Disable Root Login via SSH

Once you have a working sudo user, it's much more secure to disable direct root login over SSH.

1. Open the SSH configuration file again:

   sudo nano /etc/ssh/sshd_config

2. Find the line that says PermitRootLogin yes and change it to PermitRootLogin no.
3. Save and exit the file, then restart the SSH service as shown above.

Now, you must first log in as your standard user, then use sudo su to switch to the root user if needed.