3 Easy Steps To Secure Your Cloud VPS Hosting Package|林子超博客

Change Your SSH Port In Web Host Manager

By default, SSH listens on port 22.  This is the first thing a potential attacker is going to try.

I recommend changing this to a random four-digit number such as 5622.

To do this, you have to first open the port in the CSF firewall:

1. Login to Web Host Manager
2. Click on Configure Firewall and Security
3. Click on Firewall Configuration
4. Enter 5622 in the TCP_IN field
5. Click on Change at the bottom
6. Restart CSF

Once the port has been opened in the firewall, you then need to SSH into the server and modify the SSH configuration file.

If you’re using a Mac you can go to Utilities -> Terminal and SSH into your server:

ssh root@192.168.161.1 (replace with your server IP)

Enter your password and type in:

locate sshd_config

Most of the time this is located in /etc/ssh/ – it could be different and mlocate will help you find it.

Once you have the full path to the file, use nano to edit it:

nano /etc/ssh/sshd_config

Uncomment where it says Port 22 and change this to 5622. Command + X (on a Mac) to exit, type Y (for yes) to save, and then exit.

You then need to start SSH inside of Web Host Manager:

1. Login to Web Host Manager
2. Click on SSH Server (Open SSH) under Restart Services

Congratulations – your SSH port has now been changed to 5622.  It’s important to note, the next time you SSH into your server, you need to us -p to define the port:

ssh -p 5622 root@192.168.1.1 (replace with your server IP)

Disable Root Logins & Replace With SSH Key

The next thing you want to do is disable root logins on your VPS so in order for someone to SSH they must have their RSA key on the server.  This is one sure way to make sure only appropriate users have access to your server.

To see if you already have an SSH key setup (on a Mac) go to Utilities -> Terminateand type:

cd ~/.ssh

And then:

ls -l

If you see a file called id_rsa.pub then you already have a key, you just need to copy it to your clipboard:

pbcopy < id_rsa.pub

If you don’t, you can easily generate one with the following command in your Mac terminal:

ssh-keygen -t rsa -C "your_email@example.com"

Using your email address allows you to easily be able to identify the SSH key.

Disable Root Logins

Disabling root logins is easy:

1. Login to Web Host Manager
2. Click on SSH Password Authorization Tweak under Security
3. Click the Disable Password Auth button

Import Public SSH Key

You can no longer SSH into your server using the root password, so now you need to import your key into Web Host Manager:

1. Login to Web Host Manager
2. Click on Manage root’s SSH Keys under Security Center
3. Click Import Key
4. Paste the Public Key in the appropriate box
5. Click Manage Authorization beside the key
6. Click Authorize

Then next time you go want to SSH into your box, you shouldn’t have to type a password.  All you need to do is define the port:

ssh -p 5622 root@192.168.1.1 (replace with your server IP)

Enable Let’s Encrypt Auto SSL

One of the final things I recommend is integrating your VPS with Let’s Encrypt to automatically issue and install SSL certificates on all your domains and sub-domains.

While the latest version of Web Host Manager offers AutoSSL by Como, I personally prefer Let’s Encrypt.

To enable:

1. SSH into your server
2. Type in: /scripts/install_lets_encrypt_autossl_provider
3. Login to Web Host Manager
4. Click on Manage AutoSSL
5. Click the ratio box beside Let’s Encrypt™
6. Agree to the terms and create a new registration
7. Click Save

Congratulations!  As soon as your domains resolve to the DNS on your server, Let’s Encrypt will automatically generate a secure certificate for them (you can verify in Web Host Manager -> Manage SSL).

These are some basic, yet very powerful, security measures you can do to keep your VPS secure from hackers and evildoers.

If you have any questions or need our Superhero Support team to help, just ask!