Security on Self Managed Hosting / VPS

Once I set up my VPS, I noticed that I was getting quite a bit of "internet noise".. login attempts into my box, automated bots? malicious hackers? dunno but one thing I knew for sure since I have used linux in the past, is that I need to secure it!

Sidenote: when I was in college, I remember one of my mates (@judebpereira) recommended I try/learn Gentoo, this "meta distribution" literally tests your patience to following a manual, my take: If you can install Gentoo from scratch, then you can follow any tutorial/manual/guide in life!)

The CentOS distribution that I chose was Centos 7 32bit "minimal", which comes with the bare minimal packages preinstalled.

The first thing that i'd want to do when I set up a VPS is to set up SSH properly.

If you are not familiar with SSH, its basically more secure than using password based authentication, and you can read all about here

- Step 1: Make sure the VPS is accessible

I first check whether I can log into the remote machine (VPS) via normal password authentication. ssh root@<your-server-ip> and enter the root user password when prompted.

- Step 2: set up ssh

I basically followed this https://www.ait.com/tech-corner/11483-how-to-setup-ssh-keys-on-a-vpsnbsp guide, with some modifications:

for step 2, I copy the content of ~/.ssh/id_rsa_test.pub (thats my public key) on my local machine and paste it into the file ~/.ssh/authorized_keys on my remote machine (the VPS).

Next I make sure the ssh daemon is running on the VPS, since I am using CentOS, I made sure it was running by checking service sshd start

- Step 3: harden the VPS => set up firewalld => turn off password authentication to ssh into the vps (make it key only) => set PasswordAuthentication as no in /etc/ssh/sshd_config implement fail2ban => this automatically add firewall rule to ban/block traffic coming from IP of failed login attempt

- Extras: Something else I like doing - extend the log file to 5k lines ; this helps when in future if you want to see what commands you did ; Refer to this guide :)

- Not really related to security of the VPS ; but on adding an SSL certificate => I followed this

blog