So you just got a new VPS and/or dedicated server and you want to use it as a webserver, fileserver, mailserver or maybe even all of the above. Buy before you do any of that, you KNOW that you gotta harden the security on it right… rightt??? Of course you do… In this tutorial we are going to go through the steps of locking down a server out there on the internet and making it safe enough to host our applications.
Note: While I am writing this for ubuntu 14.04, it should be exactly the same for debian and any other debian based distro (including previous versions of ubuntu)
Step 1 – Login to the Server
Before we can start configuring we need to login to said server, to do this, assuming you have windows we can either download putty (easy and just works) or cygwin (my preferred option but you need to select ssh during installation). If you have linux or mac, just open up your ‘terminal’ and type
Replace ‘192.168.1.1’ with your server’s ip address and ‘root’ with the login for your server, if you are unsure what your username is, leave it as root.
Accept whatever certificate it provides and enter your password when it prompts you for it.
Step 2 – Change the root Password
Now that we have logged into our server we want to immedieately change the root password, to do this we type
At the prompt enter and confirm your new password.
Step 3 – Change Default SSH Port
Now that we have changed out default password, to make it even more difficult for intruders we change the default ssh port. Open up config file
find the line that says
and replace 22 with any number between 1000 and 65000 and is not already found in the TCP area of this wiki article.
Tip: to exit nano press Ctrl + Z. It will ask you to save.. type Y then enter to overwrite.
Step 4 – Reload SSH
To restart the ssh service type
service ssh restart
you can now logout of your server
and relog with the command
ssh [email protected] -p 4444
with 4444 being the port you previously chose.
Thats it for this tutorial, if you are still a bit paranoid about your server, we can secure it even more by installing denyhosts, or you can skip that and move on to Setting up an Ubuntu/Debian LAMP Server or maybe you would prefer to Setup a LEMP Server.