🔒 How to Secure Your Linux Server with Basic Firewall and SSH Hardening

Securing your Linux server is critical to protect your data, applications, and infrastructure from unauthorized access and attacks. Two foundational steps to improve your server security are configuring a firewall and hardening SSH (Secure Shell) access.

In this guide, we’ll walk you through easy, effective measures to secure your Linux server — ideal for beginners and those managing VPS or dedicated servers.


1. Set Up a Basic Firewall Using UFW

UFW (Uncomplicated Firewall) is a user-friendly firewall tool commonly available on Ubuntu and Debian-based systems.

Step 1: Check Whether UFW Is Installed

  • sudo ufw status

If it’s not installed, install it:

  • sudo apt install ufw -y

Step 2: Allow SSH Connections

Before enabling the firewall, allow SSH to avoid locking yourself out:

  • sudo ufw allow ssh

Alternatively, if you use a custom SSH port (e.g., 2222):

  • sudo ufw allow 2222/tcp

Step 3: Allow HTTP and HTTPS (For Web Servers)

  • sudo ufw allow http
  • sudo ufw allow https

Step 4: Enable UFW

  • sudo ufw enable

Step 5: Verify Firewall Status

  • sudo ufw status verbose

2. Harden SSH Access

SSH is your gateway to the server, so securing it is vital.

Step 1: Change Default SSH Port (Optional but Recommended)

Edit the SSH config file:

  • sudo nano /etc/ssh/sshd_config

Find the line:

  • #Port 22

Uncomment and change 22 to another port number (e.g., 2222):

  • Port 2222

Save and exit (Ctrl+O, Enter, Ctrl+X).

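Restart SSH service:

  • sudo systemctl restart sshd

Remember to update your firewall rule if you changed the port:

  • sudo ufw allow 2222/tcp

Keep your current SSH session open until you have confirmed that a new connection on the new port works.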

Step 2: Disable Root Login via SSH

In the same SSH config file (/etc/ssh/sshd_config), find:

  • PermitRootLogin yes

Change it to:

  • PermitRootLogin no

Save and restart SSH service again.


Step 3: Use SSH Key Authentication

SSH keys are more secure than passwords.

Generate an SSH key pair on your local machine:

  • ssh-keygen -t rsa -b 4096

Copy the public key to your server:

  • ssh-copy-id -p 2222 username@your_server_ip

Replace 2222 with your SSH port if changed.


Step 4: Disable Password Authentication

Once SSH keys work, disable password login for SSH.

Edit /etc/ssh/sshd_config and set:

  • PasswordAuthentication no

Save and restart SSH:

  • sudo systemctl restart sshd
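
The edits in Steps 1, 2 and 4 only take effect if the line you changed is the one sshd actually uses: sshd keeps the first value it reads for each keyword and ignores commented lines. The script below is an added example (not part of the original guide) that audits a config file for those three settings; the function names and the sample config are constructed for illustration, and it reads a single file without following Include directives or Match blocks.

```sh
#!/bin/sh
# Added example, not from the original guide; helper names are constructed.

# Print the effective value of keyword $2 in sshd_config file $1.
# sshd uses the FIRST value it reads for a keyword, matches keywords
# case-insensitively, and ignores lines that start with '#'.
# Assumption: Include files and Match blocks are not evaluated.
sshd_effective() {
    awk -v key="$2" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Pass only if keyword $2 in file $1 is effectively "no".
# $3 is the OpenSSH default that applies when the keyword is not set.
check_no() {
    val=$(sshd_effective "$1" "$2")
    [ -n "$val" ] || val="$3 (default, keyword not set)"
    case $val in
        no) echo "OK    $2 no" ;;
        *)  echo "FAIL  $2 $val"; return 1 ;;
    esac
}

# Audit the settings from Steps 1, 2 and 4; return the number of failures.
audit_sshd() {
    failures=0
    port=$(sshd_effective "$1" Port)
    [ -n "$port" ] || port="22 (default)"
    echo "INFO  Port $port"
    check_no "$1" PermitRootLogin prohibit-password || failures=$((failures + 1))
    check_no "$1" PasswordAuthentication yes        || failures=$((failures + 1))
    return "$failures"
}

# Constructed sample: the edit looks done, but an earlier line still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 2222
PermitRootLogin no
PasswordAuthentication yes
# ...further down the file, added by hand:
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "$? setting(s) still need attention"
rm -f "$sample"
```

On a live server, running sudo sshd -t before the restart also checks the file for syntax errors.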

3. Additional Security Tips

Keep your system updated:

  • sudo apt update && sudo apt upgrade -y

Install Fail2Ban to block suspicious IPs:

  • sudo apt install fail2ban -y

Regularly review SSH login attempts:

  • sudo tail -f /var/log/auth.log

Final Thoughts

Basic firewall setup and SSH hardening are vital first steps to secure your Linux server. These measures help prevent unauthorized access and reduce attack surfaces — keeping your data and apps safe.

For a more streamlined, automated experience, consider VavenCloud’s managed VPS services, where security best practices come pre-configured with continuous monitoring and support.
