
Jan 24, 2025


VPS Security: 6 Critical Steps to Secure Your VPS Servers

Written by

Abdelhadi Dyouri
So, you just purchased a super reliable and affordable VPS from SSD Nodes, and you're now ready to deploy your applications or install self-hosted software. But wait, you need to put first things first, and you must secure your VPS. This guide will walk you through exactly that! I will show you all of the essential steps you must take for strong VPS security.

Why You Should Secure Your VPS Server

VPS Security gives back exactly what you put into it. No matter how small or big the project you’re running on your VPS is, you need to be vigilant. Attackers are continually probing the entire internet for servers that they can easily commandeer, whether that’s through misconfigured SSH, weak passwords, or security bugs in server-side software. Attackers look for easy targets, move quickly, and leave a lot of damage in their wake.

How to Secure Your VPS Servers

The goal of this guide is to give you easy-to-follow, high-value strategies for protecting your server. You should follow these steps when you first create an account with your VPS hosting provider and whenever you provision a new server. These tips will work on most VPS-hosted servers running one of the popular variants of Linux, such as Debian, Ubuntu, Fedora, or Rocky Linux. Note: This guide is just the start of server security, but by following these steps, you'll avoid being an easy target, which is a crucial first step. For a more in-depth guide, check out Red Hat’s security guidebook.

Step 1) Perform Regular Security Updates

No matter what OS, software, and services you’re using on your new server, you want to ensure that they’re always up-to-date. The developers behind Linux distributions (Ubuntu, Debian, CentOS, and so on) are constantly updating software to patch and mitigate security issues. Not upgrading regularly can leave your server vulnerable to known, exploitable flaws. Luckily, most Linux distributions (and all those available through SSD Nodes) come with a package manager that makes updates incredibly easy.

Ubuntu/Debian

For Ubuntu/Debian, the updating process uses a tool called apt.
sudo apt update
sudo apt upgrade
The first command updates the list of available software, and the second downloads and installs any new updates for software you currently have installed.

Rocky Linux/AlmaLinux/CentOS/RHEL

For Rocky Linux, AlmaLinux, CentOS, and RHEL, the updating process uses a tool called dnf.
sudo dnf check-update

sudo dnf upgrade
The first command checks for updates and the second updates the list of available packages and installs any new updates for the software currently installed.
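
To make "regular" something you can check from cron or monitoring, the pending-update state can be read from the same tools. The script below is an added example, not SSD Nodes' code: it parses `apt list --upgradable` output for updates coming from a `-security` suite and interprets the exit status of `dnf check-update`. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report pending updates. Function names are hypothetical
# and the sample output below is constructed, not captured from a server.

# Reads `apt list --upgradable` output on stdin and prints the packages
# whose candidate version comes from a "-security" suite.
apt_security_updates() {
    awk -F'[/ ]' '/\[upgradable from:/ && $2 ~ /-security/ { print $1 }'
}

# Maps the exit status of `dnf check-update` to a word: dnf documents
# 0 = nothing to update, 100 = updates available, anything else = error.
dnf_update_state() {
    case $1 in
        0)   echo current ;;
        100) echo pending ;;
        *)   echo error ;;
    esac
}

# Constructed sample of `apt list --upgradable` output (Ubuntu style).
SAMPLE_APT='Listing...
openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.18 amd64 [upgradable from: 3.0.2-0ubuntu1.15]
vim/jammy-updates 2:8.2.3995-1ubuntu2.21 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.19]
libssl3/jammy-updates,jammy-security 3.0.2-0ubuntu1.18 amd64 [upgradable from: 3.0.2-0ubuntu1.15]'

# Demo on the sample. On a real Debian/Ubuntu host, pipe in:
#   apt list --upgradable 2>/dev/null
printf '%s\n' "$SAMPLE_APT" | apt_security_updates

# On a dnf host:
#   dnf -q check-update >/dev/null; dnf_update_state $?
```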

Avoid Installations With Deb/Rpm

It can be tempting to use the tools behind these package management systems such as deb and rpm to install external packages. At SSD Nodes, we recommend against this practice, namely because it creates dependency issues if you aren’t fully aware of the consequences of installing a certain package. As a rule of thumb, only install software with the appropriate package manager for your system: apt or dnf. If you must install software not in the package manager, you can use developer-created repositories like Ubuntu's PPAs, which integrate with the system for updates but come with lower security than official repositories.

Update Other Software

If your VPS server hosts a web app with its own package manager, like Node.js with npm, keep its packages updated. Popular platforms like WordPress also require timely updates due to their large codebases and frequent security patches.

Step 2) Implement Strong, Unique Passwords

Before we dive into VPS-specific strategies, we need to talk about cybersecurity at its most fundamental: passwords. There are three ways for attackers to successfully acquire your password to any service: they can make educated guesses based on what they learn about you as a person (your birthday, your favorite hobby, the name of your child), they can use computer programs that use “brute force” by trying millions of passwords until one actually works, or they can download lists of common passwords in hope that you’re the kind of person who uses “password123” on every website. It should come as no surprise then that the more complex your password is, the more difficult it will be to guess using any of two strategies. You want your passwords to be both strong and unique.

What Is a Strong Password?

Here at SSD Nodes, we have some general guidelines:
  • A minimum of 10 characters
  • No words you can find in a dictionary (“cot,” “password,” “tree”)
  • No words or numbers that reference personal information, such as a birthday or the name of a child
  • Both upper and lowercase letters
  • At least one symbol (# $!% &)
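
The guidelines above can be checked mechanically before a password is set. The script below is an added example, not SSD Nodes' code: `check_password` and `has` are hypothetical names, and the short word list is a constructed stand-in for a real dictionary file.

```shell
#!/bin/sh
# Added example: test a candidate password against the five guidelines.
# SAMPLE_WORDS is a constructed stand-in; a real check would read a full
# dictionary (for example /usr/share/dict/words where it is installed).
SAMPLE_WORDS="cot password tree server admin"

# has STRING REGEX: true if STRING contains a match for REGEX.
has() { printf '%s' "$1" | LC_ALL=C grep -q "$2"; }

# check_password PASSWORD [PERSONAL_TOKENS]
# PERSONAL_TOKENS is a space-separated list (names, birth years, ...).
# Prints one line per failed guideline; exit status 0 only if all pass.
# The body runs in a subshell, so its variables stay local.
check_password() (
    pw=$1
    personal=${2:-}
    fail=0
    lower=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')

    [ "${#pw}" -ge 10 ] || { echo "fewer than 10 characters"; fail=1; }
    has "$pw" '[[:upper:]]' || { echo "no uppercase letter"; fail=1; }
    has "$pw" '[[:lower:]]' || { echo "no lowercase letter"; fail=1; }
    has "$pw" '[^[:alnum:][:space:]]' || { echo "no symbol"; fail=1; }

    # Case-insensitive substring match against the word list.
    for w in $SAMPLE_WORDS; do
        case $lower in *"$w"*) echo "contains dictionary word: $w"; fail=1 ;; esac
    done
    # Same match against details an attacker could learn about you.
    for p in $personal; do
        p=$(printf '%s' "$p" | tr '[:upper:]' '[:lower:]')
        case $lower in *"$p"*) echo "contains personal detail: $p"; fail=1 ;; esac
    done
    exit "$fail"
)

# Demo with the weak password mentioned earlier on this page.
check_password 'password123' || true
```

Passing the password as an argument exposes it in the process list and shell history; for real use, read it with a prompt instead and keep the checks the same.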

Why Does Uniqueness Matter?

You want to use a different password for every website. That way, if an attacker manages to figure out one of your passwords, they can’t then use that same password to access all your other accounts. The same policy goes for your virtual private servers.

How Do I Create Strong, Unique Passwords?

The easiest way is using a password manager like LastPass or 1Password, which stores and generates strong passwords, requiring you to remember only a secure master password. Alternatively, you can create unique passwords using a pattern or mnemonic device.

Dashboard Area

To change your password on the SSD Nodes dashboard, visit the Change Password page. You want to ensure that any user account that you’ll use to connect to your server is protected with a strong password. The first time you connect to a newly-provisioned VPS, we recommend changing the root password. This can be done easily with the passwd command:
$ passwd

Two-factor Authentication

Two-factor authentication (2FA) is increasingly common for accounts holding sensitive information, like email and bank accounts. With 2FA enabled, you’ll need both your password and another verification method, such as a code sent to your phone. This adds an extra layer of security, requiring attackers to compromise both your password and your physical device. For example, Facebook may send a 6-digit code to your phone if you log in from a new device. By entering the code, you prove your identity and gain access. SSD Nodes supports 2FA and strongly recommends enabling it for your dashboard account. Set it up by clicking your user icon, selecting Security settings, and following the prompts. For more details, check out our tutorial: Enabling Two-Factor Authentication with SSD Nodes.

Database Passwords

Hackers will often probe for easy access to databases (such as MySQL), which they can use as an access point for the entire server. Always ensure your database root password is strong and unique. Later, we’ll cover restricting access to MySQL’s port (3306) for added security, but a strong password can deter further damage if your server is compromised.

Step 3) Use SSH Keys

Secure Shell (SSH) is the primary way people connect to their servers. SSH is a secure, encrypted protocol on its own, but there is a way to make it even stronger: SSH authentication keys. Using authentication keys is similar to using 2FA on your SSD Nodes dashboard. Instead of relying solely on passwords to log into your server, you’re using a secret key that only you have. You can even password-protect these keys for maximum security.

Generate an SSH Key Pair

On your Linux or OS X machine, you can create an SSH key pair using the ssh-keygen tool. Follow the prompts to create your public/private key pair. On Windows machines, you can use PuTTY, our recommended tool for Windows users who want to connect to their VPS. For SSH keys that you’ll use to log into your VPS and make administrative changes, install programs, or