How to secure your VPS (firewall, SSH keys)

Last updated 2025-01-20 5 min read VPS Hosting

What this solves

A new VPS is exposed to the internet. This guide covers basic hardening: firewall and SSH.

Firewall

On Ubuntu/Debian: enable UFW: ufw allow 22 (SSH), ufw allow 80, ufw allow 443, then ufw enable. On CentOS: use firewalld or iptables to allow SSH, HTTP, HTTPS, then enable.

SSH keys

Generate a key on your PC (ssh-keygen). Copy the public key to the VPS: ssh-copy-id root@your.vps.ip. Test login with the key, then disable password auth in /etc/ssh/sshd_config: PasswordAuthentication no. Restart sshd.

Disable root login (optional)

Create a sudo user, add your key to it, then set PermitRootLogin no in sshd_config. Always ensure you can still log in as the sudo user before closing the root session.

Warning: Don’t lock yourself out. Test key login before disabling passwords.

When to contact support

If you’re locked out after changes, we can help with rescue or console access.

Related articles

Need help?

Open a support ticket and we'll assist you.

Open Support Ticket