🛡️ Secure your Linux VPS: SSH, Fail2ban, UFW#
Protect your server against attacks and intrusions with this comprehensive guide to secure a VPS on Linux. Perfect for web hosting, gaming, applications, or databases.
🎯 Objective#
- Strengthen SSH security
- Install an effective firewall (UFW)
- Protect against brute force attacks (Fail2ban)
🧰 Prerequisites#
- A VPS running Debian / Ubuntu
- Root or sudo access
- SSH connection
1️⃣ System update#
sudo apt update && sudo apt upgrade -y sudo apt autoremove --purge -y
2️⃣ Secure SSH access#
🔹 Change root password#
passwd
🔹 Disable SSH root access#
⚠️ Important: Before disabling root SSH access, create a user with sudo privileges and make sure you can log in with this account. Otherwise, you may lose access to your server.
adduser myuser usermod -aG sudo myuser
Edit /etc/ssh/sshd_config:
PermitRootLogin no
Restart SSH:
sudo systemctl restart sshd
🔹 Use SSH keys#
Generate a key on your PC:
ssh-keygen
Copy the key to the VPS:
ssh-copy-id user@vps_ip
3️⃣ Install and configure Fail2ban#
sudo apt install fail2ban -y sudo systemctl enable --now fail2ban
Customize /etc/fail2ban/jail.local to protect SSH and other services.
4️⃣ Enable and configure UFW firewall#
sudo apt install ufw -y sudo ufw allow OpenSSH sudo ufw enable sudo ufw status
To allow other services (e.g., HTTP, MySQL):
sudo ufw allow 80/tcp sudo ufw allow 3306/tcp
6️⃣ FAQ & common issues#
- Can't connect via SSH? Check UFW, Fail2ban, and SSH config from noVNC.
- Open ports? Use
sudo ufw statusto verify.
✅ Conclusion#
Your VPS is now secured and ready for production. Continue monitoring and updating your server for optimal security.