Something we've already done
Guess what? You already did some steps - we changed a port number. (It was rather changed for us, in a way, but...)
But that's far away from being secure. Well, one can never be secure enough. And honestly, steps explained here wont be enough to make your install bullet-proof. But they will be enough to get you started. I hope that you can get some confidence and do more security-related stuff on your own later.
Default usually means "easy to guess". Keep that in mind.
I guess reasoning behind this is pretty simple: outdated software is always risky. To update (or rather upgrade) your Debian login to your VPS and type the code.
apt-get update && apt-get upgrade
What we did here is fetching of infos about available packages versions and then upgrade of all installed packages (we connected those 2 steps with &&). Do that often.
Root ain't good
Using your root account is not recommended. You should avoid it.
How? We will create new user to be used instead of root account.
You will be asked to create password and some another questions. Next we need to install sudo, so we can use our new account instead of root. Sudo might not yet be installed, so let's do that first.
apt-get update && apt-get install sudo
It's always good idea to keep repositories updated with apt-get update before installing anything.
Sudo allows some users to execute some commands as root. But first it need to be configured by someone who is system administrator, in our case root. You are logged in as root, so type following to add your new user to sudoers.
adduser yourname sudo
Log out from console (little homework, research it if you have not done it, yet) and you should be able to login with your new user. The same way you did with your root account. You might notice the change in your command line. Remember how it looked before? What has changed?
There is a lot to learn about command line, but I will let you do it by yourself. Also there is a big chance you are already familiar with that stuff.
We talked about how to set-up sudo, but nothing about how to use it. Let's show one example. First, log in as you would with root account, but use your new username and password instead. Then type following to test whether all works fine. If you followed previous steps, it should.
sudo apt-get update
Not all command line programs and commands are require to run with sudo.
Exactly, usually it's only commands that got to do something with system administration and config. Be careful about running commands as root via sudo. Try runnig repositories update without sudo.
Open the file with your favourite editor, we will make some changes.
Just a seconds ago we checked that we can login with our new user and we can become root via sudo, so we are good to get rid of root login. Reasonable step. And don't forget to restart SSH service. Might be done with
sudo service ssh restart
I wonder, do you feel comfortable with your VPS already? There is one more step that you could do: not using passwords but keys to login. There is a lot of resources online about it. Here is one I found useful.
But that's for sure not the only thing you could do more. You can install firewall, set IP that can log in, and much more. As always, internet is your friend.
up next: static website