How to Secure Your VPS (SSH Keys, New User, Firewall)

A freshly provisioned VPS is vulnerable if you leave root login over SSH open with a password. The goal is to reduce the attack surface and limit who can access the server.

Step 1: Create a new admin user

Create a new user and grant admin privileges (sudo). This is safer than using root for daily tasks.

Step 2: Enable SSH key authentication (recommended)

SSH keys are much harder to brute-force than passwords. Generate a key on your computer, add the public key to your VPS, then test login.

Step 3: Disable root SSH login (after confirming your new user works)

Once you can log in as the new user with your SSH key, disable direct root login over SSH.

Step 4: Change the default SSH port (optional)

On its own, this won’t “secure” the server, but it reduces noise from automated scans.

Step 5: Enable a firewall

Allow only the ports you need:

  • SSH (your chosen port)
  • HTTP (80) and HTTPS (443) if you host websites
  • Any app-specific ports you actually use

Step 6: Add brute-force protection

Tools like fail2ban can block repeated failed logins automatically.
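
A way to check the SSH side of Steps 2 to 4 before you rely on it, as an added example that is not part of the original guide: a small shell audit of an sshd_config-style file. The function names and the sample config are constructed for illustration; treating password authentication that is still enabled as a finding is this example's assumption, and Include files and Match blocks are not followed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the global section of an
# sshd_config-style file against Steps 2-4. sshd uses the FIRST value it reads
# for a keyword, so a later "PermitRootLogin no" does not undo an earlier "yes".

# first_value FILE KEYWORD: print the first value set before any Match block.
first_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print findings; exit status is the number of FAILs.
audit_sshd_config() {
    fails=0
    root=$(first_value "$1" PermitRootLogin)
    pass=$(first_value "$1" PasswordAuthentication)
    port=$(first_value "$1" Port)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}', want 'no' (Step 3)"
        fails=$((fails + 1))
    fi
    if [ "$pass" != "no" ]; then
        echo "FAIL PasswordAuthentication is '${pass:-unset}', want 'no' (Step 2)"
        fails=$((fails + 1))
    fi
    echo "INFO sshd listens on port ${port:-22}; open only this one for SSH (Steps 4-5)"
    return "$fails"
}

# Constructed sample: the appended "no" is shadowed by the earlier "yes".
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's config
Port 2222
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the server itself, running `sshd -T` as root prints the effective configuration, including Include files, and is the authoritative check before you restart the SSH service.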