Setup
I use Hetzner VPS with Debian 12.
When I offer to create new user, I call it
jack, you can use any other username.First connection
If it's setup of server, you have to disable ssh with root and allow it with a custom user.
ssh root@xxx.xx.xx.xxx
Check IP
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
Update Linux and add new user
apt update
apt upgrade -y
apt install vim -y
adduser jack
usermod -aG sudo jack
Locales
vim /etc/default/locale
/etc/default/locale
LC_CTYPE="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LANG="en_US.UTF-8"
Generate locales
export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
dpkg-reconfigure locales
Copy SSH keys from root to jack
mkdir /home/jack/.ssh/
cp /root/.ssh/authorized_keys /home/jack/.ssh/
chown -R jack:jack /home/jack/.ssh/
chmod -R 700 /home/jack/.ssh/
Exit SSH connection
exit
Connect to server with new user
ssh jack@xxx.xx.xx.xxx
Than now you can reboot server
sudo reboot
Firewall
Install firewall
sudo apt install ufw
Set default rules
sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443
Show rules
sudo ufw show added
sudo ufw status
If works, disallow ssh connection with root.
sudo vim /etc/ssh/sshd_config
Find PermitRootLogin line and replace yes to no and restart sshd daemon. Disconnect yourself with exit and you won't able to connect with root, connect with custom user now.
/etc/ssh/sshd_config
-PermitRootLogin yes
+PermitRootLogin no
-ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
-PasswordAuthentication yes
+PasswordAuthentication no
sudo systemctl restart sshd.service
sudo ufw enable
Change root password
sudo -i
passwd
exit
Change SSH port
Change port in sshd config
sudo vim /etc/ssh/sshd_config
/etc/ssh/sshd_config
Port 22
/etc/ssh/sshd_config
Port 1234
Allow new port in firewall
sudo ufw allow 1234/tcp
Remove old port
sudo ufw delete allow 22/tcp
Check new rules
sudo ufw status
Restart sshd daemon
sudo systemctl restart sshd.service
Fail2ban
Check this guide: Fail2ban.
Useful packages
You can install with this guide.
NGINX
You can install NGINX with this guide.