Securing a Linux VPS after the first login is critical because a fresh server is exposed to brute‑force attacks, outdated packages, and misconfigurations. By following these numbered steps, you can harden your VPS, protect sensitive data, and ensure long‑term stability.
Step 1: Update Packages
Keeping your VPS updated ensures vulnerabilities are patched and your system remains stable.
sudo apt update && sudo apt upgrade -y
A quick alternative for CentOS/RHEL:
sudo yum update -y
Step 2: Create User
Operating as root is dangerous. A non‑root user with sudo privileges reduces exposure to exploits.
adduser newuser
Enable sudo rights for the new user (the sudo group applies to Debian/Ubuntu; on CentOS/RHEL the equivalent group is wheel):
usermod -aG sudo newuser
Step 3: Configure SSH Keys
SSH keys provide a much stronger layer of security than traditional passwords because they rely on cryptographic authentication that is nearly impossible to brute‑force. Setting them up right after your first login ensures attackers cannot exploit weak or reused credentials.
ssh-keygen -t rsa -b 4096
Disable password authentication in SSH config:
nano /etc/ssh/sshd_config # set PasswordAuthentication no
Step 4: Change SSH Port
Changing the default SSH port reduces automated bot attacks scanning port 22.
nano /etc/ssh/sshd_config # Port 2222
Restart SSH service to apply changes:
systemctl restart sshd
Step 5: Install Firewall
A firewall blocks unauthorized access and allows only trusted connections.
sudo ufw allow 2222/tcp && sudo ufw enable
For CentOS/RHEL systems:
sudo firewall-cmd --permanent --add-port=2222/tcp && sudo firewall-cmd --reload
Step 6: Enable Fail2Ban
Fail2Ban bans IPs after repeated failed logins, adding automated defense.
sudo apt install fail2ban -y
Start and enable the service:
sudo systemctl enable fail2ban && sudo systemctl start fail2ban
Step 7: Auto Updates
Automating updates ensures your VPS stays secure without manual intervention.
sudo apt install unattended-upgrades
Configure unattended upgrades:
sudo dpkg-reconfigure unattended-upgrades
Step 8: Secure Services
Web servers and databases must be hardened individually to prevent exploitation.
sudo nano /etc/mysql/my.cnf # bind-address=127.0.0.1
Enable SSL for Apache:
sudo a2enmod ssl && sudo systemctl restart apache2
Step 9: Monitoring and Backups
Monitoring tools and backups help detect threats early and recover quickly.
htop
Sync files to a backup server:
rsync -avz /var/www/ user@backupserver:/backups/
Step 10: Audit Logs
Regular audits keep your VPS hardened against evolving threats.
cat /var/log/auth.log
Run a full system audit:
sudo lynis audit system
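Added example (not part of the original guide): rather than reading /var/log/auth.log by eye, the shell functions below count failed SSH password attempts per source address and list any successful password logins, which should not occur once Step 3 has disabled password authentication. The log lines are constructed samples in the OpenSSH syslog format, and the function names are hypothetical.

```shell
# Constructed sample lines (documentation addresses); not taken from a real host.
sample_auth_log() {
cat <<'EOF'
Jan 10 03:12:01 vps sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:04 vps sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:09 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:12:15 vps sshd[1204]: Failed password for invalid user from from 203.0.113.7 port 40131 ssh2
Jan 10 03:15:40 vps sshd[1210]: Invalid user test from 198.51.100.23 port 51514
Jan 10 03:15:42 vps sshd[1210]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Jan 10 08:01:13 vps sshd[1302]: Accepted publickey for newuser from 192.0.2.10 port 50200 ssh2: RSA SHA256:CONSTRUCTED
Jan 10 09:30:00 vps sshd[1400]: Accepted password for newuser from 198.51.100.23 port 52000 ssh2
Jan 10 09:31:00 vps sudo: newuser : TTY=pts/0 ; PWD=/home/newuser ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

# failed_by_ip FILE [THRESHOLD]
# Prints "count ip" for each source with at least THRESHOLD failed password
# attempts, highest count first. The user name is supplied by the client, so the
# address is taken from the last "from" on the line, not the first.
failed_by_ip() {
    awk -v min="${2:-1}" '
        / sshd\[[0-9]+\]: Failed password for / {
            for (i = NF; i > 1; i--)
                if ($(i-1) == "from") { n[$i]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# password_logins FILE
# Prints "user ip" for every successful password login. After Step 3 any output
# here means PasswordAuthentication is still enabled or was re-enabled.
password_logins() {
    awk '/ sshd\[[0-9]+\]: Accepted password for / {
        for (i = NF; i > 2; i--)
            if ($(i-1) == "from") { print $(i-2), $i; break }
    }' "$1"
}

# Demo on the constructed sample; on a real host pass /var/log/auth.log instead.
log=$(mktemp)
sample_auth_log > "$log"
echo "Sources with 3 or more failed attempts:"; failed_by_ip "$log" 3
echo "Successful password logins:"; password_logins "$log"
rm -f "$log"
```

On CentOS/RHEL the same messages are written to /var/log/secure rather than /var/log/auth.log.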
