{"id":1090,"date":"2025-07-20T04:55:22","date_gmt":"2025-07-20T04:55:22","guid":{"rendered":"https:\/\/blog.vavencloud.com\/?p=1090"},"modified":"2025-07-20T04:55:22","modified_gmt":"2025-07-20T04:55:22","slug":"secure-your-linux-server-with-basic-firewall-and-ssh-hardening","status":"publish","type":"post","link":"https:\/\/blog.vavencloud.com\/?p=1090","title":{"rendered":"\ud83d\udd12 How to Secure Your Linux Server with Basic Firewall and SSH Hardening"},"content":{"rendered":"<p data-start=\"304\" data-end=\"566\">Securing your Linux server is critical to protect your data, applications, and infrastructure from unauthorized access and attacks. Two foundational steps to improve your server security are <strong data-start=\"495\" data-end=\"521\">configuring a firewall<\/strong> and <strong data-start=\"526\" data-end=\"565\">hardening SSH (Secure Shell) access<\/strong>.<\/p>\n<p data-start=\"568\" data-end=\"725\">In this guide, we&#8217;ll walk you through easy, effective measures to secure your Linux server \u2014 ideal for beginners and those managing VPS or dedicated servers.<\/p>\n<hr data-start=\"727\" data-end=\"730\" \/>\n<h2 data-start=\"732\" data-end=\"771\">1. Set Up a Basic Firewall Using UFW<\/h2>\n<p data-start=\"773\" data-end=\"893\"><strong data-start=\"773\" data-end=\"805\">UFW (Uncomplicated Firewall)<\/strong> is a user-friendly firewall tool commonly available on Ubuntu and Debian-based systems.<\/p>\n<blockquote>\n<p data-start=\"895\" data-end=\"932\"><strong>sudo ufw status<\/strong><\/p>\n<\/blockquote>\n<p>If it\u2019s not installed, install it:<\/p>\n<blockquote><p><strong>sudo apt install ufw -y<\/strong><\/p><\/blockquote>\n<h3 data-start=\"1036\" data-end=\"1069\">Step 2: Allow SSH Connections<\/h3>\n<p data-start=\"1071\" data-end=\"1141\">Before enabling the firewall, allow SSH to avoid locking yourself out:<\/p>\n<blockquote>\n<ul>\n<li data-start=\"1071\" data-end=\"1141\">sudo ufw allow ssh<\/li>\n<\/ul>\n<\/blockquote>\n<p data-start=\"1071\" data-end=\"1141\">Alternatively, if you use a custom SSH port (e.g., 2222):<\/p>\n<blockquote>\n<ul>\n<li data-start=\"1071\" data-end=\"1141\">sudo ufw allow 2222\/tcp<\/li>\n<\/ul>\n<\/blockquote>\n<p data-start=\"1071\" data-end=\"1141\">Step 3: Allow HTTP and HTTPS (For Web Servers)<\/p>\n<blockquote>\n<ul>\n<li>sudo ufw allow http<\/li>\n<li>sudo ufw allow https<\/li>\n<\/ul>\n<\/blockquote>\n<p data-start=\"1071\" data-end=\"1141\">Step 4: Enable UFW<\/p>\n<blockquote>\n<ul>\n<li data-start=\"1071\" data-end=\"1141\">sudo ufw enable<\/li>\n<\/ul>\n<\/blockquote>\n<p data-start=\"1071\" data-end=\"1141\">Step 5: Verify Firewall Status<\/p>\n<blockquote>\n<ul>\n<li data-start=\"1071\" data-end=\"1141\">sudo ufw status verbose<\/li>\n<\/ul>\n<\/blockquote>\n<h2 data-start=\"1508\" data-end=\"1531\">2. Harden SSH Access<\/h2>\n<p data-start=\"1533\" data-end=\"1592\">SSH is your gateway to the server, so securing it is vital.<\/p>\n<h3 data-start=\"1594\" data-end=\"1656\">Step 1: Change Default SSH Port (Optional but Recommended)<\/h3>\n<p data-start=\"1658\" data-end=\"1679\">Edit SSH config file:<\/p>\n<blockquote>\n<ul>\n<li class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">sudo nano \/etc\/ssh\/sshd_config<\/li>\n<\/ul>\n<\/blockquote>\n<div>Find the line:<\/div>\n<blockquote>\n<div>#Port 22<\/div>\n<\/blockquote>\n<div>\n<p data-start=\"1759\" data-end=\"1823\">Uncomment and change <code data-start=\"1780\" data-end=\"1784\">22<\/code> to another port number (e.g., <code data-start=\"1815\" data-end=\"1821\">2222<\/code>):<\/p>\n<blockquote>\n<ul>\n<li class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">Port 2222<\/li>\n<\/ul>\n<\/blockquote>\n<div>\n<p data-start=\"1844\" data-end=\"1888\">Save and exit (<code data-start=\"1859\" data-end=\"1867\">Ctrl+O<\/code>, <code data-start=\"1869\" data-end=\"1876\">Enter<\/code>, <code data-start=\"1878\" data-end=\"1886\">Ctrl+X<\/code>).<\/p>\n<p data-start=\"1890\" data-end=\"1910\">Restart SSH service:<\/p>\n<blockquote>\n<ul>\n<li class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">sudo systemctl restart sshd<\/li>\n<\/ul>\n<\/blockquote>\n<div>Remember to update your firewall rule if you changed the port:<\/div>\n<blockquote>\n<ul>\n<li>sudo ufw allow 2222\/tcp<\/li>\n<\/ul>\n<\/blockquote>\n<div>\n<h3 data-start=\"2059\" data-end=\"2097\">Step 2: Disable Root Login via SSH<\/h3>\n<p data-start=\"2099\" data-end=\"2158\">In the same SSH config file (<code data-start=\"2128\" data-end=\"2150\">\/etc\/ssh\/sshd_config<\/code>), find:<\/p>\n<blockquote>\n<ul>\n<li data-start=\"2099\" data-end=\"2158\">PermitRootLogin yes<\/li>\n<\/ul>\n<\/blockquote>\n<p data-start=\"2099\" data-end=\"2158\">Change it to:<\/p>\n<blockquote>\n<ul>\n<li data-start=\"2099\" data-end=\"2158\">PermitRootLogin no<\/li>\n<\/ul>\n<\/blockquote>\n<p data-start=\"2232\" data-end=\"2267\">Save and restart SSH service again.<\/p>\n<hr data-start=\"2269\" data-end=\"2272\" \/>\n<h3 data-start=\"2274\" data-end=\"2312\">Step 3: Use SSH Key Authentication<\/h3>\n<p data-start=\"2314\" data-end=\"2354\">SSH keys are more secure than passwords.<\/p>\n<ul data-start=\"2356\" data-end=\"2402\">\n<li data-start=\"2356\" data-end=\"2402\">\n<p data-start=\"2358\" data-end=\"2402\">Generate SSH key pair on your local machine:<\/p>\n<\/li>\n<\/ul>\n<blockquote>\n<ul>\n<li>ssh-keygen -t rsa -b 4096<\/li>\n<\/ul>\n<\/blockquote>\n<ul data-start=\"2356\" data-end=\"2402\">\n<li data-start=\"2443\" data-end=\"2480\">\n<p data-start=\"2445\" data-end=\"2480\">Copy the public key to your server:<\/p>\n<\/li>\n<\/ul>\n<blockquote>\n<ul>\n<li>ssh-copy-id -p 2222 username@your_server_ip<\/li>\n<\/ul>\n<\/blockquote>\n<p data-start=\"2539\" data-end=\"2584\">Replace <code data-start=\"2547\" data-end=\"2553\">2222<\/code> with your SSH port if changed.<\/p>\n<hr data-start=\"2586\" data-end=\"2589\" \/>\n<h3 data-start=\"2591\" data-end=\"2634\">Step 4: Disable Password Authentication<\/h3>\n<p data-start=\"2636\" data-end=\"2687\">Once SSH keys work, disable password login for SSH.<\/p>\n<p data-start=\"2689\" data-end=\"2717\">Edit <code data-start=\"2694\" data-end=\"2716\">\/etc\/ssh\/sshd_config<\/code>:<\/p>\n<blockquote>\n<ul>\n<li data-start=\"2689\" data-end=\"2717\">PasswordAuthentication no<\/li>\n<\/ul>\n<\/blockquote>\n<p data-start=\"2689\" data-end=\"2717\">Save and restart SSH:<\/p>\n<blockquote>\n<ul>\n<li data-start=\"2689\" data-end=\"2717\">sudo systemctl restart sshd<\/li>\n<\/ul>\n<\/blockquote>\n<h2 data-start=\"2823\" data-end=\"2853\">3. Additional Security Tips<\/h2>\n<ul data-start=\"2855\" data-end=\"3138\">\n<li data-start=\"2855\" data-end=\"2945\">\n<p data-start=\"2857\" data-end=\"2888\"><strong data-start=\"2857\" data-end=\"2886\">Keep your system updated<\/strong><\/p>\n<\/li>\n<\/ul>\n<blockquote>\n<ul>\n<li>sudo apt update &amp;&amp; sudo apt upgrade -y<\/li>\n<\/ul>\n<\/blockquote>\n<ul data-start=\"2855\" data-end=\"3138\">\n<li data-start=\"2855\" data-end=\"2945\">Install Fail2Ban to block suspicious IPs:<\/li>\n<\/ul>\n<blockquote>\n<ul>\n<li>sudo apt install fail2ban -y<\/li>\n<\/ul>\n<\/blockquote>\n<ul data-start=\"2855\" data-end=\"3138\">\n<li data-start=\"2855\" data-end=\"2945\">Regularly review SSH login attempts:<\/li>\n<\/ul>\n<blockquote>\n<ul>\n<li>sudo tail -f \/var\/log\/auth.log<\/li>\n<\/ul>\n<\/blockquote>\n<h2 data-start=\"3145\" data-end=\"3162\">Final Thoughts<\/h2>\n<p data-start=\"3164\" data-end=\"3363\">Basic firewall setup and SSH hardening are vital first steps to secure your Linux server. These measures help prevent unauthorized access and reduce attack surfaces \u2014 keeping your data and apps safe.<\/p>\n<p data-start=\"3365\" data-end=\"3548\">For a more streamlined, automated experience, consider <strong data-start=\"3420\" data-end=\"3448\">VavenCloud\u2019s managed VPS<\/strong> services, where security best practices come pre-configured with continuous monitoring and support.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Securing your Linux server is critical to protect your data, applications, and infrastructure from unauthorized access and attacks. Two foundational steps to improve your server security are configuring a firewall and hardening SSH (Secure Shell) access. In this guide, we&#8217;ll walk you through easy, effective measures to secure your Linux server \u2014 ideal for beginners [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1092,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1090","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server-security"],"_links":{"self":[{"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/posts\/1090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1090"}],"version-history":[{"count":0,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/wp\/v2\/posts\/1090\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1090"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.vavencloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}