SYSTEMS OPERATIONAL
Security

How to Secure a Linux VPS: 2026 Checklist

A new VPS is exposed to automated attacks within minutes. Work through these six steps to lock it down — each takes just a couple of minutes.


1. Use SSH keys instead of passwords

Key-based authentication is far harder to brute-force than a password. Generate a key on your own machine and copy it to the server:

ssh-keygen -t ed25519
ssh-copy-id deploy@YOUR_SERVER_IP

2. Disable root and password login

Edit the SSH config and turn off direct root login and password authentication:

sudo nano /etc/ssh/sshd_config
# Set these lines:
# PermitRootLogin no
# PasswordAuthentication no
sudo systemctl restart ssh

Important: confirm you can log in with your key before closing your current session.

3. Configure a firewall (UFW)

Allow only the ports you actually use:

sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

For more detail, see our UFW firewall guide.

4. Install Fail2ban

Fail2ban automatically bans IPs that repeatedly fail to log in:

sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban

5. Enable automatic security updates

Keep patches current without logging in daily:

sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades

6. Set up backups

Security includes recovery. Schedule regular backups of your data and databases so you can restore quickly after any incident. Store at least one copy off-server — object storage works well for this.

Do these six things on every new server and you'll block the vast majority of automated attacks. New to the command line? Start with our Ubuntu VPS setup guide.

Deploy a secure-ready Linux VPS

Full-root NVMe KVM VPS in India from Rs. 400/mo, on our Mumbai & Delhi nodes.

Get a Linux VPS

Related plans & guides

Chat with Support