Basic security

Something we've already done

Guess what? You already did some steps - we changed a port number. But that's far away from being secure. Well, one can never be secure enough. And honestly, steps explained here wont be enough to make your install bullet-proof. But they will be enough to get you started. I hope that you can get some confidence and do more security-related stuff by your own after.

Default usually means "easy to guess". Keep that in mind.

System upgrade

I guess reasoning behind this is pretty simple: outdated software is always risky. To update (or rather upgrade) your Debian login to your VPS and type the code.

apt-get update && apt-get upgrade

What we did here is fetching of infos about available packages versions and then upgrade of all installed packages (we connected those 2 steps with &&). Do that often.

Root ain't good

Using your root account is not recommended. You should avoid it.

How? We will create new user to be used instead of root account.

adduser yourname

You will be asked to create password and some another questions. Next we need to install sudo, so we can use our new account instead of root. Sudo is not yet installed, so let's do that first.

apt-get update && apt-get install sudo

It's always good idea to keep repositories updated with apt-get update before installing anything.

Sudo allows some users to execute some commands as root. But first it need to be configured by someone who is system administrator, in our case root. You are logged in as root, so type following to add your new user to sudoers.

adduser yourname sudo

Log out from console (little homework, research it if you have not done it, yet) and you should be able to login with your new user. The same way you did with your root account. You might notice the change in your command line. Remember how it looked before? What has changed?

[email protected]:~$

There is a lot to learn about command line, but I will let you do it by yourself. Also there is a big chance you are already familiar with that stuff.

Sudo usage

We talked about how to set-up sudo, but nothing about how to use it. Let's show one example. First, log in as you would with root account, but use your new username and password instead. Then type following to test whether all works fine. If you followed previous steps, it should.

sudo apt-get update

Not all command line programs and commands are require to run with sudo.

Exactly, usually it's only commands that got to do something with system administration and config. Be careful about running commands as root via sudo. Try runnig repositories update without sudo.

/etc/ssh/sshd_config

Open the file with your favourite editor, we will make some changes.

PermitRootLogin no

Just a seconds ago we checked that we can login with our new user and we can become root via sudo, so we are good to get rid of root login. Reasonable step. And don't forget to restart SSH service like we did when changing port.

Doing more

I wonder, do you feel comfortable with your VPS already? There is one more step that you could do: not using passwords but keys to login. There is a lot of resources online about it. Here is one I found useful.

But that's for sure not the only thing you could do more. You can install firewall, set IP that can log in, and much more. As always, internet is your friend.