Initial Server Setup and Security Essentials for Debian

This guide covers the essentials for setting up and securing your Debian or Ubuntu VPS, including disabling root login, setting up passwordless SSH, and changing the SSH port.

Prerequisites

  • VPS with root access, such as a DigitalOcean Droplet or Hetzner Cloud instance

Connect to your server using SSH, replacing your_server_ip with your server's address:

ssh root@your_server_ip

Update your server:

apt update && apt upgrade -y

1. Disable Root Login

Using a non-root user prevents accidental changes to system files and reduces attack risks, as the root account is a common target for attackers.

Create a new user:

adduser username

Give the new user sudo privileges:

usermod -aG sudo username

Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Locate the line with #PermitRootLogin yes and change it to PermitRootLogin no.

#PermitRootLogin yes
PermitRootLogin no

2. Passwordless SSH Authentication

SSH key authentication lets you log in without typing a password. The server checks that your machine holds the private key matching a public key stored on the server. If they match, you get access.

On your local machine, generate a new SSH key pair:

ssh-keygen -t ed25519 -a 100 -f ~/.ssh/id_ed25519_keyname -C "keyname"

Back up your SSH key pair, located in ~/.ssh.

Copy your public SSH key to your server:

ssh-copy-id -i ~/.ssh/id_ed25519_keyname.pub username@your_server_ip

Log in to your server and open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Locate the line with #PasswordAuthentication yes and change it to PasswordAuthentication no.

#PasswordAuthentication yes
PasswordAuthentication no

Run:

sudo visudo

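Look for the line with %sudo ALL=(ALL:ALL) ALL and change it to the line below, so that members of the sudo group are not asked for a password when running sudo. Anyone who obtains this account's SSH key then has root access with no further password, so protect the private key with a passphrase.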

%sudo   ALL=(ALL:ALL) NOPASSWD: ALL

Change your SSH key every few years, and remove the old key from ~/.ssh/authorized_keys on your server.

3. Change the Default SSH Port

By default, SSH listens on port 22. Because it’s well-known, port 22 is a common target for automated attacks and brute force attempts. Changing the SSH port can reduce the volume of these attacks.

Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Locate the line with #Port 22 and change it to Port 2222.

#Port 22
Port 2222

Restart the SSH service:

sudo systemctl restart ssh

Use the new port to connect:

ssh username@your_server_ip -p 2222
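
One way to confirm that the three sshd_config changes above actually took effect, as an added example that is not part of the original guide: on current Debian and Ubuntu the main file includes /etc/ssh/sshd_config.d/*.conf near the top and sshd keeps the first value it reads, so a drop-in file can silently override your edit. The function name audit_sshd and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): compare the effective sshd
# settings with the values this guide sets. Input is `sshd -T` output, which
# prints lowercase "keyword value" lines after all includes are merged.

# audit_sshd [PORT] < dump   -> exit status = number of settings that differ.
# The ( ) body runs in a subshell, so its variables stay local.
audit_sshd() (
    want_port="${1:-2222}"
    dump="$(cat)"
    fails=0
    # pubkeyauthentication is checked too: the guide relies on key login,
    # and with passwords off a disabled key login would lock you out.
    while read -r key want; do
        # Join repeated keywords (sshd may list several "port" lines).
        got="$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $2 }' | paste -sd, -)"
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', guide expects '$want'"
            fails=$((fails + 1))
        fi
    done <<EOF
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
port $want_port
EOF
    exit "$fails"
)

# Constructed sample: the dump you would see when a drop-in file
# re-enables password logins ahead of the edited main file.
SAMPLE_OVERRIDDEN='port 2222
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'

# Demo on the sample. On a real server run instead:
#   sudo sshd -t && sudo sshd -T | audit_sshd 2222
printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd 2222 || echo "$? setting(s) differ"
```

Run the check from your existing session, and disconnect only once a second terminal can log in with the key on the new port.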

https://blog.juyoun.gg/posts/en/2024/08/24/
Author: Jay
Published at: 2024-08-25
License: CC BY