+370 5 205 5502 sales@monovm.com

How to Secure Linux Server? [Linux Hardening]

It's not mattered that your Linux server is running on Ubuntu, Debian, or some other distribution but you should secure it for better use for that this article will help with that How to secure Linux server or how to do Linux Hardening?

11 Feb, 22 by Sophia H 9 min Read

List of content you will read in this article:

Nowadays, the use of Linux in the cyber-space has grown enormously and with it, the amount of possible threats, now more than ever, security has become an important factor. Be it Linux dedicated server or a Linux VPS, both are at risk of an attack at all times. That is why if you aren’t taking steps to improve the cybersecurity of your Linux server, you should now.

There are many ways to secure a server on the internet. In this article, we will go through the 8 best ways to secure your Linux VPS Server.

VPS stands for a virtual private server. It is a service provided by web hosts that splits up a bare-metal server into smaller virtual machines. These VMs are then rented out for a fraction of the price of a dedicated server and each one acts as a standalone server with its own operating system and dedicated resources.

A Linux VPS, as you might have already guessed by now, is just a virtual private server that is running a Linux distribution such as Debian, Ubuntu, CentOS, RHEL, etc.

As a matter of fact, most prefer a Linux web server over a Windows one for its improved security, however, it is only as secure as the configuration you put on it. When setting up any web server, keep its security in mind. Many will opt for various layers such as WAF (i.e., Web Application Firewalls), IDS (i.e., Intrusion Detection System), or Mod Security to react in real-time to different threats.

Without proper security measures installed on your Linux VPS, malware could find its way onto the server and that is when the trouble starts. If you are storing any sensitive information on said VPS, it can all be stolen because of simple security oversight. Your server can also be used as a spam-sending relay and possibly be blacklisted from certain DNS providers, making your website invisible to anyone using the aforementioned providers.

If your Linux VPS security is lacking, hackers can take control of your server and perform either malicious or outright illegal activities on it. Depending on what they do, you as the owner of the server might even be held responsible for it. In the worst-case scenario, you might completely lose access to the server, however, in most such situations, your web hosting provider will simply delete the compromised VPS and provide you with a new one.

All these threats are simply scratching the surface of what can happen if someone hacks into your server or certain malware is installed on it. Do not forget, however, that these are just that – threats. If proper security measures are taken, they will only stay as threats and will never turn into an actual problem. Here are some measures you can take to help keep the threats away.

  1. Using complex and unpredictable passwords
  2. Disable login with root user
  3. Restricting user login
  4. Disable protocol 1
  5. Use non-standard ports
  6. Filtering SSH connections with the firewall
  7. Use the Security Keys to identify the identity
  8. Keep OS updated

Let's get to the nitty-gritty details!

1.      Using complex and unpredictable passwords

The utmost important step in securing a Linux VPS is to choose a strong password.

The first attempt by hackers will be to use Brute Force attacks to infiltrate your system. Having a complex and unpredictable password makes it nearly impossible for them to gain access to your server.

Here are a few tips to choose a sophisticated password:

  • Use at least 12 characters
  • Use upper and lower case letters
  • Put numbers between letters
  • Use non-numeric and non-letter characters

To learn more about how to create strong passwords have a read here. 

Use the following codes to change the password:

passwd username

To change the root password:

passwd root

2.      Disable login with root user

Being a root user will give you all the powers to make any kind of changes on your Linux Terminal. Disabling login with the root user means that the person logging in will no longer be able to use the root privileges. This is a great safety measure to follow because in order to access root privileges the user will have to provide the password again.

In order to disable logging in with the root user, follow these steps:

Open the file “etc/ssh/sshd_config/” with an editor:

nano /etc/ssh/sshd_config

Look for the following statement in this file and change the word yes to no.

# Prevent root logins:

PermitRootLogin no

 Restart the SSH service after making changes and save the file.

service ssh restart

3.      Restrict user logins to secure VPS

You might have a lot of usernames on your server, but you only need a few of the accounts to be logged in.

Let's assume you have 10 users on Linux, but only two people (Sophia and Emma) should be allowed to connect remotely to the server.

To restrict Linux users, open the sshd_config file with an editor.

nano /etc/ssh/sshd_config

After the file is opened,

AllowUsers Sophia Emma

Restart the SSH service after making changes and save the file.

Service ssh restart

4.      Disable protocol 1

The SSH service works with 2 protocols namely protocol 1 and protocol 2. Protocol 1 has lesser security compared to the other, so it's better to use protocol 2 in your communications. 

In order to disable protocol 1, open the sshd_config file with an editor.

nano /etc/ssh/sshd_config

Find the following statement and change it to "protocol 2".

# Protocol 2,1

Protocol 2

Restart the SSH service after making changes and save the file.

Service ssh restart 

5.      Use non-standard ports for SSH

The default SSH service port is 22, so hackers will check this port before anything else. In some cases, administrators change the SSH port to 2222, but you should know that hackers will surely scan port 22 and if they get no result, their second choice will be port 2222. It's better to use the ports with a lot of digits that are not reserved for other services. The best choice is between 10,000 and 65,000, in which most of them are free.

We have an in-depth guide on how to change the SSH port, This will help you get a detailed understanding of it.

6.      Filter SSH connections with a firewall

If you only connect remotely to the server and use a particular IP, you can use the following command to isolate your connection to the SSH service.

iptables –A INPUT –p tcp –s –dport 22 –j –ACCEPT

By entering the above command, you can only connect to the server from a system that has an IP address of

If you want to access the server from all locations, enter the below commands:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh –rsource

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

In the first command, you open access to port 22 for all IPs.

In the second command firewall automatically blocks the IPs that send multiple requests in less than 60 seconds.

Note: To properly execute the second command, you must add the default DROP policies.

7.      Use the Security Keys for identification

Using Security Keys has two main security advantages.

  1. You can access your terminal without entering a password.
  2. You can disable password logging completely so that no password is required to connect to the server.

This feature protects against certain possible attacks such as brute force attacks.

8.      Keep servers up to date

Server updates are one of the key matters that you should always keep in mind. Update Linux servers regularly to fix security and performance issues. In newly released versions of an operating system, the developers often include security improvements and patches for recently discovered vulnerabilities. If your server is not up to date, hackers might exploit said vulnerabilities to gain access to your VPS.

Today we have discussed what is a Linux VPS, the importance4 of having a good security configuration on it. We also presented you with 8 easy steps you can take right now to improve your Linux servers’ security. We hope this article has been helpful to you, and if you have any questions or if there are some other ways to protect your Linux server, mention it in the comments below.

Also if you have a Windows VPS server you can check this article about windows server security.

People are also reading:


Sophia H

My name is Sophia H. My degree is MS in Information Technology Engineering. I have been working for 5 years on Java developing (j2ee), Computer Networking (Optical Networks), Virtualization and Hosting.