Change Your SSH Port In Web Host Manager
By default, SSH listens on port 22. This is the first thing a potential attacker is going to try.
I recommend changing this to a random four-digit number such as 5622.
To do this, you have to first open the port in the CSF firewall:
- Login to Web Host Manager
- Click on Configure Firewall and Security
- Click on Firewall Configuration
- Enter 5622 in the TCP_IN field
- Click on Change at the bottom
- Restart CSF
Once the port has been opened in the firewall, you then need to SSH into the server and modify the SSH configuration file.
If you’re using a Mac you can go to Utilities -> Terminal and SSH into your server:
ssh root@192.168.161.1 (replace with your server IP)
Enter your password and type in:
locate sshd_config
Most of the time this is located in /etc/ssh/ – it could be different and mlocate will help you find it.
Once you have the full path to the file, use nano to edit it:
nano /etc/ssh/sshd_config
Uncomment where it says Port 22 and change this to 5622. Command + X (on a Mac) to exit, type Y (for yes) to save, and then exit.
You then need to start SSH inside of Web Host Manager:
- Login to Web Host Manager
- Click on SSH Server (Open SSH) under Restart Services
Congratulations – your SSH port has now been changed to 5622. It’s important to note, the next time you SSH into your server, you need to us -p to define the port:
ssh -p 5622 root@192.168.1.1 (replace with your server IP)
Disable Root Logins & Replace With SSH Key
The next thing you want to do is disable root logins on your VPS so in order for someone to SSH they must have their RSA key on the server. This is one sure way to make sure only appropriate users have access to your server.
To see if you already have an SSH key setup (on a Mac) go to Utilities -> Terminateand type:
cd ~/.ssh
And then:
ls -l
If you see a file called id_rsa.pub then you already have a key, you just need to copy it to your clipboard:
pbcopy < id_rsa.pub
If you don’t, you can easily generate one with the following command in your Mac terminal:
ssh-keygen -t rsa -C "your_email@example.com"
Using your email address allows you to easily be able to identify the SSH key.
Disable Root Logins
Disabling root logins is easy:
- Login to Web Host Manager
- Click on SSH Password Authorization Tweak under Security
- Click the Disable Password Auth button
Import Public SSH Key
You can no longer SSH into your server using the root password, so now you need to import your key into Web Host Manager:
- Login to Web Host Manager
- Click on Manage root’s SSH Keys under Security Center
- Click Import Key
- Paste the Public Key in the appropriate box
- Click Manage Authorization beside the key
- Click Authorize
Then next time you go want to SSH into your box, you shouldn’t have to type a password. All you need to do is define the port:
ssh -p 5622 root@192.168.1.1 (replace with your server IP)
Enable Let’s Encrypt Auto SSL
One of the final things I recommend is integrating your VPS with Let’s Encrypt to automatically issue and install SSL certificates on all your domains and sub-domains.
While the latest version of Web Host Manager offers AutoSSL by Como, I personally prefer Let’s Encrypt.
To enable:
- SSH into your server
- Type in: /scripts/install_lets_encrypt_autossl_provider
- Login to Web Host Manager
- Click on Manage AutoSSL
- Click the ratio box beside Let’s Encrypt™
- Agree to the terms and create a new registration
- Click Save
Congratulations! As soon as your domains resolve to the DNS on your server, Let’s Encrypt will automatically generate a secure certificate for them (you can verify in Web Host Manager -> Manage SSL).
These are some basic, yet very powerful, security measures you can do to keep your VPS secure from hackers and evildoers.
If you have any questions or need our Superhero Support team to help, just ask!
Do you need to increase your credit score?
回复删除Do you intend to upgrade your school grade?
Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
Do you need any information concerning any database.
Do you need to retrieve deleted files?
Do you need to clear your criminal records or DMV?
Do you want to remove any site or link from any blog?
you should contact this hacker, he is reliable and good at the hack jobs..
contact : cybergoldenhacker at gmail dot com
Do you need to increase your credit score?
回复删除Do you intend to upgrade your school grade?
Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
Do you need any information concerning any database.
Do you need to retrieve deleted files?
Do you need to clear your criminal records or DMV?
Do you want to remove any site or link from any blog?
you should contact this hacker, he is reliable and good at the hack jobs..
contact : cybergoldenhacker at gmail dot com
I can’t say much but with my experience through divorce, I had no one until I met hackingsetting50@gmail.com online then I contacted him, surprisingly he helped me hack into my partner's phone and all his social media platforms and i can now access everything and even documented and printed stuffs to show as evidence , now I’m happy with my kids and working for Riches. I hope this helps anyone in need.
回复删除Thanks.