
Configure SSH for passwordless logins

Posted: Wed Apr 17, 2013 11:44 am
by leefish
This is my first VPS and I am trying to learn how to set up my VPS so that it is secure.

I found this tutorial on how to make the VPS secure and I wondered if it was suitable to use it on my VPS? I have OpenVZ VPS - VZSSD5.

http://www.usefuljaja.com/2007/6/debian ... tup-page-1

I know that there is no debianArch image available, but is this the right thing to do? I only ever use my home PC to do work on my sites and it seems a good idea to make a user which is tied to my IP and to remove the root user to stop attackers trying to crack it.

Re: Configure SSH for passwordless logins

Posted: Thu Apr 18, 2013 9:44 pm
by Admin
Hello !

Blocking the IPs except your home one is not so good, much better is to use a key login. Use an RSA key and guessing that is impossible.
You can use putty and the pageant for that or directly a ssh client in your distribution.
http://the.earth.li/~sgtatham/putty/0.5 ... pter9.html

Re: Configure SSH for passwordless logins

Posted: Sun Apr 21, 2013 12:09 am
by leefish
I already use Putty.

So it is not possible for me to disable the root user? As in the http://tuxlite.com setup? I want to install a lamp stack and some sort of secure file management system for uploading some frameworks I want to try out.

I did try the EHCP tutorial as a way to set everything up (I logged a ticket and it was advised in the ticket) but as there is no instruction for actually using the EHCP either here or on the home site (and I did not find it all intuitive) I scrapped that.

I just want to have a secure system, I will look at the pageant link of course, as the whole point is that I learn how to set up the server.

In all the reading I have been doing disabling root is always one of the first things they suggest, is that possible on this hosting?

Re: Configure SSH for passwordless logins

Posted: Mon Apr 22, 2013 1:52 am
by jcaleb
boss,

this is what i usually do, just simple security. there are many more things to be done, but i am happy with these:
1. change ssh port to some non-default high value
2. create another user e.g. jon
3. setup key-pair login for jon, and test if working
4. disable root login, and password login
5. setup iptables to only allow the ssh port i use, and only the service i need for the outside (e.g. web) and block everything else.

then always login as jon to my vps
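
An added example, not part of jcaleb's post or the forum's own material: a small POSIX shell audit that checks an sshd_config file against steps 1, 3 and 4 of the checklist above. It accounts for sshd using the first value it reads for each keyword, which is why a setting appended at the end of the file can be silently ignored. The sample configs, the port 49222, the function names and the upstream OpenSSH defaults used for absent keywords are assumptions made for the illustration.

```shell
# Added example: audit an sshd_config against steps 1, 3 and 4 of the checklist.
# sshd keeps the FIRST value it reads for a keyword, so a "PermitRootLogin no"
# appended at the bottom does nothing if an earlier line already set it.

# Print the effective global value of keyword $2 in file $1 (default: $3).
# Assumes "Keyword value" separated by whitespace, not the "Keyword=value" form.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0   { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }      # keyword absent: upstream default
    ' "$1"
}

# Print one line per finding and return the number of findings.
audit_sshd() {
    bad=0
    [ "$(sshd_effective "$1" Port 22)" != 22 ] ||
        { echo "step 1: Port is still 22"; bad=$((bad + 1)); }
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "step 3: PubkeyAuthentication is off"; bad=$((bad + 1)); }
    [ "$(sshd_effective "$1" PermitRootLogin prohibit-password)" = no ] ||
        { echo "step 4: PermitRootLogin is not no"; bad=$((bad + 1)); }
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = no ] ||
        { echo "step 4: PasswordAuthentication is not no"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample configs (not taken from any real server).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/hardened" <<'EOF'
Port 49222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
cat > "$tmp/appended" <<'EOF'
# distribution default left in place near the top
PermitRootLogin yes
Port 49222
PasswordAuthentication no
# added later at the end of the file: ignored, first value wins
PermitRootLogin no
EOF

for f in hardened appended; do
    audit_sshd "$tmp/$f" && echo "$f: ok" || echo "$f: $? finding(s)"
done
```

On a live server, `sshd -T` (run as root) prints the configuration as sshd itself parsed it, which is the authoritative check after editing the file.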

Re: Configure SSH for passwordless logins

Posted: Thu Apr 25, 2013 6:19 am
by Admin
jcaleb wrote:
boss,

this is what i usually do, just simple security. there are many more things to be done, but i am happy with these:
1. change ssh port to some non-default high value
2. create another user e.g. jon
3. setup key-pair login for jon, and test if working
4. disable root login, and password login
5. setup iptables to only allow the ssh port i use, and only the service i need for the outside (e.g. web) and block everything else.

then always login as jon to my vps

This.
I didn't say not to disable root, I just said that disabling logins from other IPs than your own is not a good idea. One day it may be unavailable, for example net down at home, even if you have a fixed IP.
You can, of course, disable the root user.
I do not think like jon that changing port solves many things, just the bot brute force attempts go unnoticed, but changing login from password to key and from root to another user does a lot towards security. Just make sure you have the key some place you can access it when online (some encrypted archive in a mail attachment).
About EHCP, it is pretty similar to other control panels, create domain with user, give resources, connect with ftp, upload site, create database and user/password for it if your site needs one, point your DNS to the IP, ready :)
I think I will document that too with screenshots, for me it looked similar to other panels, but it seems it is not so.