Below is a basic checklist of commands and steps you can run right after you spin up your new Ubuntu 24.10 x64 droplet. Run each command (or follow the instruction) carefully—you want to lock things down without accidentally locking yourself out!
Important:
• Before disabling password authentication, make sure you’ve set up SSH keys and tested them with your new user account.
• Adjust usernames and settings as needed.
- Update and Upgrade Packages
sudo apt update && sudo apt upgrade -y- Create a New User and Grant Sudo Privileges Replace
yourusernamewith your preferred username.
sudo adduser yourusername
sudo usermod -aG sudo yourusername- Secure SSH Configuration a. Disable Root Login
This command updates/etc/ssh/sshd_configto disallow direct root logins.
sudo sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_configb. (Optional) Disable Password Authentication
Only do this once you’ve confirmed that your SSH keys work.
sudo sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_configc. Restart SSH Service
sudo systemctl restart sshd- Set Up a Basic Firewall with UFW Allow SSH first, then enable UFW:
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status- Install Fail2ban to Help Prevent Brute-Force Attacks
sudo apt install fail2ban -yTip: After installation, you can customize the jail settings in /etc/fail2ban/jail.local if needed.
- Enable Automatic Security Updates Installing and configuring unattended upgrades can help keep your system patched:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades- Clean Up Unnecessary Packages Finally, remove any unused packages:
sudo apt autoremove -yThis checklist provides a solid starting point for hardening your server while ensuring you don’t accidentally block your own access. As your needs grow, you may want to look into further steps such as configuring intrusion detection tools, setting up a VPN for remote management, or fine-tuning application-specific security settings.
Leave a Reply