VPS or A Cloud Server will come with basic OS setup. Here are some of my basic practices getting started with setting up a VPS for deploying applications.
Setting up SSH Keys
Create SSH Keys on local machine
ssh-keygen -t ecdsa -f ~/.ssh/id_rsa_vps
Copy SSH Keys to VPS
ssh-copy-id -i ~/.ssh/id_rsa_vps.pub username@ip
Add ~/.ssh/config entry for easy access
cat ~/.ssh/config
Host vps1
HostName ip
User username
IdentityFile ~/.ssh/id_rsa_vps
ServerAliveInterval 240
(Optional) Disable password authentication
sudo nano /etc/ssh/sshd_config
Change the following lines
PasswordAuthentication no
PermitRootLogin no
# Restart SSH service
sudo systemctl restart sshd
This config will allow you to connect to VPS using ssh vps1 and the connection will be kept alive.
Setting up UFW
Install UFW
# Install UFW if not already installed
sudo apt install ufw
# Allow necessary ports
sudo ufw allow 22/tcp # SSH
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
sudo ufw allow 45876/tcp # Beszel
sudo ufw allow 6443/tcp # K3s
# Enable UFW
sudo ufw enable
# Check UFW status
sudo ufw status
Install CrowdSec or Fail2Ban
Crowdsec
curl -s https://install.crowdsec.net | sudo sh && sudo apt install crowdsec
Fail2ban
sudo apt install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
Ensure the following lines are set:
# [sshd]
enabled = true
port = 22
maxretry = 5
bantime = 84600
sudo systemctl restart fail2ban
sudo fail2ban-client status
sudo fail2ban-client status sshd