LinuxSecurityDevOpsServer
A fresh VPS is a target within minutes of going live. These foundational steps stop the overwhelming majority of automated attacks. Do them before you deploy anything.
1. Use SSH Keys, Disable Password Login
bash
# /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no
# then: sudo systemctl restart ssh2. Turn On a Firewall
bash
sudo ufw allow OpenSSH
sudo ufw allow 80,443/tcp
sudo ufw enable3. Block Brute Force With fail2ban
fail2ban watches auth logs and bans IPs after repeated failed logins — install it and the constant SSH brute-force noise disappears.
4. Patch and Least-Privilege
- Enable unattended security upgrades so critical patches apply automatically.
- Run your app as a non-root user with only the permissions it needs.
- Remove unused services and close every port you aren't actively using.
Defense in Depth
No single control is enough. Keys + firewall + fail2ban + updates + least privilege layer together so one mistake doesn't hand over the box.
