Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🧠 VPS Setup Notes

🖥️ Base Info

  • User: <your_username> (created by provider)
  • Purpose: Base secure setup for future use
  • Access: via SSH key (no password login)

1. 🔑 SSH Setup

Goal: Secure and simplify login.

Steps:

ssh <your_username>@<your_vps_ip>

Local key generated:

ssh-keygen -t ed25519

Key copied to VPS:

ssh-copy-id <your_username>@<your_vps_ip>

SSH config (~/.ssh/config):

Host *
    AddKeysToAgent yes
    IdentitiesOnly yes
    ServerAliveInterval 60
    IdentityFile ~/.ssh/id_ed25519
    # UseKeychain yes  # macOS only

Host github.com
    HostName github.com
    User git

Host my-vps
    HostName <your_vps_ip>
    User <your_username>
    Port 22

Result ✅

  • Login via: ssh my-vps
  • Root login disabled
  • Key-only authentication

2. 🔒 Firewall (UFW)

Installed and allowed SSH only:

sudo apt install -y ufw
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status

Result ✅

  • Only port 22 open
  • Ping (ICMP) blocked by default
  • To allow ping: 
    sudo ufw allow proto icmp

3. 🌍 Timezone Setup

sudo timedatectl set-timezone Asia/Jakarta
timedatectl

Result ✅

  • Server clock set to local time (WIB)

4. 🔁 Auto Security Updates

Installed and configured:

sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Config file: /etc/apt/apt.conf.d/50unattended-upgrades

Optional auto-reboot setting:

Unattended-Upgrade::Automatic-Reboot "true";

Logs:

/var/log/unattended-upgrades/unattended-upgrades.log

Result ✅

  • Daily automatic security updates
  • Kernel and package updates applied quietly

5. 🛡️ Fail2Ban

Protects against brute-force attacks by banning IPs with failed login attempts.

Install and enable:

sudo apt install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check status:

sudo fail2ban-client status
sudo fail2ban-client status sshd

Unban an IP (if needed):

sudo fail2ban-client set sshd unbanip <ip_address>

Optional: Customize settings (only if you want to change defaults)

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vim /etc/fail2ban/jail.local

Example custom settings:

  • maxretry = 5 – Ban after 5 failed attempts (default)
  • bantime = 600 – Ban duration in seconds (default: 10 min)
  • findtime = 600 – Time window for counting failures (default: 10 min)

Result ✅

  • SSH jail enabled by default
  • Automatic IP banning for failed logins