Securing Your VPS

1. Update Packages

apt update && apt upgrade -y

2. Create a Non-Root User

adduser deploy
usermod -aG sudo deploy

3. Set Up SSH Key Authentication

# On your local machine
ssh-keygen -t ed25519
ssh-copy-id deploy@your-server-ip

Then disable password authentication:

# /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no

Restart SSH: systemctl restart sshd

4. Configure Firewall

ufw allow OpenSSH
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable

5. Enable Automatic Security Updates

apt install unattended-upgrades -y
dpkg-reconfigure -plow unattended-upgrades

6. Install Fail2Ban

apt install fail2ban -y
systemctl enable fail2ban

This protects against brute-force SSH attacks.