Learn how to protect your server from hackers using simple steps ๐
If your server is open: - Hackers can access your data ๐จ - Your server can be used for attacks - Your project can go down anytime
๐ Securing your server is must, not optional!
sudo apt update && sudo apt upgrade -y
โ Fixes security vulnerabilities
โ Keeps system up to date
UFW = Uncomplicated Firewall
sudo apt install ufw -y
sudo ufw allow OpenSSH
sudo ufw enable
Check status:
sudo ufw status
๐ Blocks unwanted traffic
Edit SSH config:
sudo nano /etc/ssh/sshd_config
Find:
PermitRootLogin yes
Change to:
PermitRootLogin no
Restart SSH:
sudo systemctl restart ssh
๐ Root login is a major security risk
Generate key (on local PC):
ssh-keygen
Copy key to server:
ssh-copy-id username@your_server_ip
๐ Login without password (more secure)
Edit config again:
sudo nano /etc/ssh/sshd_config
Find:
PasswordAuthentication yes
Change:
PasswordAuthentication no
Restart SSH:
sudo systemctl restart ssh
๐ Only SSH key login allowed ๐
Change port:
Port 2222
Allow in firewall:
sudo ufw allow 2222
sudo systemctl restart ssh
๐ Adds extra protection
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
Check status:
sudo systemctl status fail2ban
๐ Protects from brute-force attacks
sudo ufw allow 22
๐ Ensure SSH port is allowed
๐ Always keep one session open before changes
chmod 600 ~/.ssh/authorized_keys
Never expose your server without:
- Firewall
- SSH key
- Disabled root login
๐ These are basic DevOps rules