
Secure VPS Tips

Updated this week

This is a simple, straightforward guide to improving your VPS security.

Change the SSH port

1. Change the SSH port for the Ubuntu/Debian OSs

Port 22 is one of the most common points of attack. Changing it discourages many of these attempts, including scripts set to check only that port. The SSH configuration file is sshd_config.

To open the SSH configuration file, use:

nano /etc/ssh/sshd_config

Find the line "#Port 22". To change the SSH port, remove the # symbol and change the SSH port number.

Please note that the port number must be between 1024 and 65536.

Example of changed port:

In this case, the SSH port is 2424. After changing the SSH port in the configuration file, press CTRL + O, Enter, and CTRL + X to save your changes and close the file in the nano editor.

The next step is to restart the SSH service.

For Ubuntu 22.04 and below, use:

service sshd restart

For Ubuntu 24.04, use:

systemctl daemon-reload
systemctl restart ssh.socket

For Debian, use:

service sshd restart

2. Change the SSH port for the AlmaLinux/RockyLinux OSs

Open the SSH configuration file sshd_config to adjust the SSH port, using the following command:

nano /etc/ssh/sshd_config

Find the line "#Port 22". To change the SSH port, remove the # symbol and change the SSH port number:

Press CTRL + O, Enter, and CTRL + X to save changes and close the nano editor.

Now, we need to allow the new SSH port through SELinux.

Start by finding the package that provides semanage:

sudo dnf whatprovides /usr/sbin/semanage

Install that package and add the new port to the SELinux SSH port type:

sudo dnf install policycoreutils-python-utils
sudo semanage port -a -t ssh_port_t -p tcp new_port

Replace new_port with your new SSH port number.

Now, we need to restart the SSH service:

sudo systemctl restart sshd
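
The sshd_config edit described in both sections above (uncomment "#Port 22" and set a new number) can also be scripted. The following is an added example, not part of the original guide: the function names valid_port, set_ssh_port and sample_config are hypothetical, the sample config is constructed, and the range check uses 65535 because that is the highest valid TCP port.

```sh
#!/bin/sh
# Added example (not from the original guide): set the sshd "Port" directive
# without opening an editor. Usage: set_ssh_port FILE PORT

valid_port() {
    # Digits only, no leading zero, at most 5 digits, then a range check.
    # 65535 is the highest valid TCP port.
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

set_ssh_port() {
    file=$1
    port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1    # keep a copy to roll back to
    # Rewrite the first "Port N" / "#Port N" line and drop later active ones,
    # because sshd listens on every Port line it reads. If the file has no
    # Port line at all, add one at the top, ahead of any Match block.
    awk -v port="$port" '
        /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { out[++n] = "Port " port; done = 1 }
            else if ($0 ~ /^[ \t]*#/) out[++n] = $0
            next
        }
        { out[++n] = $0 }
        END {
            if (!done) print "Port " port
            for (i = 1; i <= n; i++) print out[i]
        }
    ' "$file.bak" > "$file"
}

# Constructed sample config, used only to demonstrate the function.
sample_config() {
    printf '%s\n' '#Port 22' '#AddressFamily any' '#ListenAddress 0.0.0.0' 'Port 22'
}
```

Check the edited file with sshd -t before restarting the service, and keep the current session open until a login on the new port succeeds.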

Use strong passwords

One of the most common causes of system breaches is the use of weak passwords. For a strong password, follow a few simple guidelines:

• Minimum password length should be 10 characters;
• Always use a mix of numbers, letters, uppercase, lowercase, and symbols (when allowed);
• Strong password example: T=ep@Uy*ST.

To change your root password, use:

passwd

Disable Root user

It is a security risk to keep the root user enabled. Most operations and installs should not be done using root. Instead, create a regular user, and if you need root privileges, use the sudo command.

To create a new user:

sudo useradd newuser

To set a password for a new user:

sudo passwd newuser

To verify if the user was created:

cat /etc/passwd | grep newuser

Output example:

Restrict SSH access by IP using IPtables

This adds a significant amount of security, but ensure you have a static IP.

First, open your IPtables rules:

nano /etc/sysconfig/iptables

Locate the rule containing "--dport 22" and add the following line above it, replacing #### with the port you set for SSH and server_ip with your IP address:

-A INPUT -p tcp -s server_ip --dport #### -j ACCEPT

Save the changes and restart the iptables service:

service iptables restart
