Learn how to protect your server from hackers using simple steps 🚀
If your server is open: - Hackers can access your data 😨 - Your server can be used for attacks - Your project can go down anytime
👉 Securing your server is must, not optional!
sudo apt update && sudo apt upgrade -y
✔ Fixes security vulnerabilities
✔ Keeps system up to date
UFW = Uncomplicated Firewall
sudo apt install ufw -y
sudo ufw allow OpenSSH
sudo ufw enable
Check status:
sudo ufw status
👉 Blocks unwanted traffic
Edit SSH config:
sudo nano /etc/ssh/sshd_config
Find:
PermitRootLogin yes
Change to:
PermitRootLogin no
Restart SSH:
sudo systemctl restart ssh
👉 Root login is a major security risk
Generate key (on local PC):
ssh-keygen
Copy key to server:
ssh-copy-id username@your_server_ip
👉 Login without password (more secure)
Edit config again:
sudo nano /etc/ssh/sshd_config
Find:
PasswordAuthentication yes
Change:
PasswordAuthentication no
Restart SSH:
sudo systemctl restart ssh
👉 Only SSH key login allowed 🔒
Change port:
Port 2222
Allow in firewall:
sudo ufw allow 2222
sudo systemctl restart ssh
👉 Adds extra protection
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
Check status:
sudo systemctl status fail2ban
👉 Protects from brute-force attacks
sudo ufw allow 22
👉 Ensure SSH port is allowed
👉 Always keep one session open before changes
chmod 600 ~/.ssh/authorized_keys
Never expose your server without:
- Firewall
- SSH key
- Disabled root login
👉 These are basic DevOps rules