{"id":146158,"date":"2025-08-29T16:47:22","date_gmt":"2025-08-29T09:47:22","guid":{"rendered":"https:\/\/vinahost.vn\/?p=146158"},"modified":"2025-09-03T17:15:00","modified_gmt":"2025-09-03T10:15:00","slug":"your-first-hour-checklist-5-essential-steps-to-secure-your-new-vps","status":"publish","type":"post","link":"https:\/\/vinahost.vn\/en\/vps-initial-security-setup\/","title":{"rendered":"Your First Hour Checklist: 5 Essential Steps to Secure Your New VPS"},"content":{"rendered":"<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">A brand-new VPS, by default, is a blank slate. While powerful, it&#8217;s also a potential target for the countless automated bots constantly scanning the internet for unprotected servers. Your first hour with a new VPS is the most critical time to establish a strong security foundation.<\/span><\/p>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">This is not a task for security experts only. This is <\/span><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">VPS security 101<\/span><\/strong><span class=\"ng-star-inserted\">.<\/span><\/p>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">This guide is designed for anyone who has just purchased their first VPS. We will walk you through the five most important, non-negotiable security steps to &#8220;harden&#8221; your server. Whether you&#8217;ve just launched a new\u00a0<\/span><strong class=\"ng-star-inserted\"><a class=\"ng-star-inserted\" href=\"https:\/\/vinahost.vn\/en\/vps-laos\/\" target=\"_blank\" rel=\"noopener\"><span class=\"ng-star-inserted\">vps laos<\/span><\/a><\/strong><span class=\"ng-star-inserted\">\u00a0to serve the Mekong region or are preparing an instance in another market, these foundational steps are universal. By following this checklist, you&#8217;ll transform your new server from a default installation into a secure fortress, ready for you to build upon with confidence.<\/span><\/p>\n<figure id=\"attachment_146377\" aria-describedby=\"caption-attachment-146377\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-146377 size-full\" src=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Your-First-Hour-Checklist_-5-Essential-Steps-to-Secure-Your-New-VPS.jpg\" alt=\"Your First Hour Checklist_ 5 Essential Steps to Secure Your New VPS\" width=\"700\" height=\"500\" title=\"-\" srcset=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Your-First-Hour-Checklist_-5-Essential-Steps-to-Secure-Your-New-VPS.jpg 700w, https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Your-First-Hour-Checklist_-5-Essential-Steps-to-Secure-Your-New-VPS-560x400.jpg 560w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-146377\" class=\"wp-caption-text\">Your First Hour Checklist_ 5 Essential Steps to Secure Your New VPS<\/figcaption><\/figure>\n<h3 class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">1. Prerequisites: What You Need to Start<\/span><\/strong><\/h3>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Before we begin, make sure you have the following:<\/span><\/p>\n<ol class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Your VinaHost VPS Details:<\/span><\/strong><span class=\"ng-star-inserted\"> After purchasing, you received an email with your server&#8217;s IP address, the default username (<\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\">), and a temporary password.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">An SSH Client:<\/span><\/strong><span class=\"ng-star-inserted\"> This program allows you to securely connect to and command your server.<\/span><\/p>\n<ul class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Windows:<\/span><\/strong><span class=\"ng-star-inserted\"> Use a free tool like <\/span><span class=\"ng-star-inserted\">PuTTY<\/span><span class=\"ng-star-inserted\"> or the built-in SSH functionality in Windows Terminal or PowerShell.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">macOS \/ Linux:<\/span><\/strong><span class=\"ng-star-inserted\"> You can use the <\/span><span class=\"inline-code ng-star-inserted\">Terminal<\/span><span class=\"ng-star-inserted\"> application that comes pre-installed.<\/span><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Let&#8217;s begin. The clock is ticking!<\/span><\/p>\n<hr class=\"ng-star-inserted\" \/>\n<h3 class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Step 1: Change the Default Root Password<\/span><\/strong><\/h3>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Problem:<\/span><\/strong><span class=\"ng-star-inserted\"> The initial password provided by your hosting company is temporary. It was automatically generated and has been transmitted via email. Think of it as the &#8220;master key&#8221; the landlord gives you. The very first thing you do in a new house is change the locks.<\/span><\/p>\n<figure id=\"attachment_146357\" aria-describedby=\"caption-attachment-146357\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-146357 size-full\" src=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Change-the-Default-Root-Password.jpg\" alt=\"Change the Default Root Password\" width=\"700\" height=\"500\" title=\"-\" srcset=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Change-the-Default-Root-Password.jpg 700w, https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Change-the-Default-Root-Password-560x400.jpg 560w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-146357\" class=\"wp-caption-text\">Change the Default Root Password<\/figcaption><\/figure>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Solution:<\/span><\/strong><span class=\"ng-star-inserted\"> Immediately change the password for the <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> user to something unique, complex, and known only to you. The <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> user is the super-administrator of your server, with the power to do absolutely anything. Its password is your first and most important line of defense.<\/span><\/p>\n<ol class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Connect to your server via SSH.<\/span><\/strong><span class=\"ng-star-inserted\"> Open your terminal or PuTTY and use the following command, replacing the placeholder with your server&#8217;s actual IP address:<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-77\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-77\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>ssh root<span class=\"hljs-meta\">@your_server_ip<\/span><\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">You will be prompted for the password. Copy and paste the temporary password from your welcome email.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Once logged in, change the password.<\/span><\/strong><span class=\"ng-star-inserted\"> Type the following command and press Enter:<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-78\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-78\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>passwd<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The system will prompt you to enter your new password twice. Note that you won&#8217;t see any characters as you type\u2014this is a standard security feature.<\/span><\/p>\n<ul class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Choose a strong password (a mix of uppercase, lowercase, numbers, and symbols).<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">We highly recommend using a password manager like Bitwarden or 1Password to generate and store this complex password securely.<\/span><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">You&#8217;ve just changed the master key. Great start!<\/span><\/p>\n<hr class=\"ng-star-inserted\" \/>\n<h3 class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Step 2: Create a New User with Sudo Privileges<\/span><\/strong><\/h3>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Problem:<\/span><\/strong><span class=\"ng-star-inserted\"> Operating your server daily as the <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> user is like walking around with a live grenade. A single typo or a mistaken command executed as <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> can accidentally delete critical files and destroy your entire system. Furthermore, the username <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> is the single most common target for automated brute-force attacks.<\/span><\/p>\n<figure id=\"attachment_146352\" aria-describedby=\"caption-attachment-146352\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-146352 size-full\" src=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Create-a-New-User-with-Sudo-Privileges.jpg\" alt=\"Create a New User with Sudo Privileges\" width=\"700\" height=\"500\" title=\"-\" srcset=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Create-a-New-User-with-Sudo-Privileges.jpg 700w, https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Create-a-New-User-with-Sudo-Privileges-560x400.jpg 560w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-146352\" class=\"wp-caption-text\">Create a New User with Sudo Privileges<\/figcaption><\/figure>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Solution:<\/span><\/strong><span class=\"ng-star-inserted\"> We will create a new, personal user account for our day-to-day tasks. We will then give this user &#8220;sudo&#8221; (superuser do) privileges, which allows them to run administrative commands when needed by prefixing the command with <\/span><span class=\"inline-code ng-star-inserted\">sudo<\/span><span class=\"ng-star-inserted\">. This adds a crucial layer of safety\u2014you have to consciously elevate your privileges to perform sensitive actions.<\/span><\/p>\n<ol class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Create the new user.<\/span><\/strong><span class=\"ng-star-inserted\"> While still logged in as <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\">, run this command. Replace <\/span><span class=\"inline-code ng-star-inserted\">john<\/span><span class=\"ng-star-inserted\"> with your desired username.<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-79\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-79\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>adduser john<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The system will ask you to set a new password for this user and then for some optional contact information (you can leave these blank by pressing Enter).<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Grant administrative (sudo) privileges.<\/span><\/strong><span class=\"ng-star-inserted\"> We need to add our new user to the <\/span><span class=\"inline-code ng-star-inserted\">sudo<\/span><span class=\"ng-star-inserted\"> group. This is what gives them the power to run commands as root.<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-80\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-80\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>usermod -aG sudo john<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">(Remember to replace <span class=\"inline-code ng-star-inserted\">john<\/span> with the username you created.)<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Test it (optional but recommended).<\/span><\/strong><span class=\"ng-star-inserted\"> Switch to your new user account:<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-81\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-81\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>su - john<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Your command prompt should now show <\/span><span class=\"inline-code ng-star-inserted\">john@your-vps-hostname<\/span><span class=\"ng-star-inserted\">. Now, try to run a privileged command, like viewing a restricted directory: <\/span><span class=\"inline-code ng-star-inserted\">sudo ls -la \/root<\/span><span class=\"ng-star-inserted\">. You will be prompted for <\/span><span class=\"ng-star-inserted\">your user&#8217;s password<\/span><span class=\"ng-star-inserted\"> (the one you just set for <\/span><span class=\"inline-code ng-star-inserted\">john<\/span><span class=\"ng-star-inserted\">), not the root password. If it works, you&#8217;ve successfully set up your new user!<\/span><\/p>\n<\/li>\n<\/ol>\n<hr class=\"ng-star-inserted\" \/>\n<h3 class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Step 3: Disable Root Login via SSH<\/span><\/strong><\/h3>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Problem:<\/span><\/strong><span class=\"ng-star-inserted\"> Even with a strong password, the <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> user is still a target. Automated bots will hammer your server 24\/7, trying to guess the <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> password. By disabling the ability to log in as <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> directly over the network, you effectively remove the target from the shooting range.<\/span><\/p>\n<figure id=\"attachment_146362\" aria-describedby=\"caption-attachment-146362\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-146362 size-full\" src=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Disable-Root-Login-via-SSH.jpg\" alt=\"Disable Root Login via SSH\" width=\"700\" height=\"500\" title=\"-\" srcset=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Disable-Root-Login-via-SSH.jpg 700w, https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Disable-Root-Login-via-SSH-560x400.jpg 560w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-146362\" class=\"wp-caption-text\">Disable Root Login via SSH<\/figcaption><\/figure>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Solution:<\/span><\/strong><span class=\"ng-star-inserted\"> We will configure the SSH service to <\/span><span class=\"ng-star-inserted\">only<\/span><span class=\"ng-star-inserted\"> allow your new <\/span><span class=\"inline-code ng-star-inserted\">sudo<\/span><span class=\"ng-star-inserted\"> user to log in. This forces everyone (including you) to log in with a non-privileged account first, which is a massive security enhancement.<\/span><\/p>\n<blockquote class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">\u26a0\ufe0f CRITICAL WARNING:<\/span><\/strong><span class=\"ng-star-inserted\"> Before you complete this step, you <\/span><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">MUST<\/span><\/strong><span class=\"ng-star-inserted\"> verify that you can log in with your new sudo user from a <\/span><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">new, separate terminal window<\/span><\/strong><span class=\"ng-star-inserted\">. If you make a mistake and disable root login before confirming your new user works, you could lock yourself out of your server permanently!<\/span><\/p>\n<\/blockquote>\n<ol class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Open a <\/span><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">second terminal window<\/span><\/strong><span class=\"ng-star-inserted\"> and successfully log in with your new user: <\/span><span class=\"inline-code ng-star-inserted\">ssh john@your_server_ip<\/span><span class=\"ng-star-inserted\">. Once you are in, you can safely proceed in your original root terminal.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Edit the SSH configuration file.<\/span><\/strong><span class=\"ng-star-inserted\"> Use the nano text editor to open the file:<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-82\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-82\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Find and modify the <\/span><span class=\"inline-code ng-star-inserted\">PermitRootLogin<\/span><span class=\"ng-star-inserted\"> line.<\/span><\/strong><span class=\"ng-star-inserted\"> Use the arrow keys to scroll down and find the line that says <\/span><span class=\"inline-code ng-star-inserted\">PermitRootLogin<\/span><span class=\"ng-star-inserted\">. It might be commented out with a <\/span><span class=\"inline-code ng-star-inserted\">#<\/span><span class=\"ng-star-inserted\"> and look like <\/span><span class=\"inline-code ng-star-inserted\">#PermitRootLogin prohibit-password<\/span><span class=\"ng-star-inserted\"> or it might say <\/span><span class=\"inline-code ng-star-inserted\">PermitRootLogin yes<\/span><span class=\"ng-star-inserted\">.<\/span><\/p>\n<ul class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Change this line to be exactly:<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Code<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-83\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-83\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>PermitRootLogin no<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Make sure to remove the <\/span><span class=\"inline-code ng-star-inserted\">#<\/span><span class=\"ng-star-inserted\"> at the beginning if there is one.<\/span><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Save and exit the file.<\/span><\/strong><span class=\"ng-star-inserted\"> Press <\/span><span class=\"inline-code ng-star-inserted\">Ctrl+X<\/span><span class=\"ng-star-inserted\">, then <\/span><span class=\"inline-code ng-star-inserted\">Y<\/span><span class=\"ng-star-inserted\"> to confirm, and <\/span><span class=\"inline-code ng-star-inserted\">Enter<\/span><span class=\"ng-star-inserted\"> to save.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Restart the SSH service to apply the changes.<\/span><\/strong><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-84\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-84\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>systemctl restart ssh<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<\/ol>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Now, any attempt to log in as <\/span><span class=\"inline-code ng-star-inserted\">root<\/span><span class=\"ng-star-inserted\"> via SSH will be immediately rejected. You have successfully hardened your server&#8217;s primary entry point.<\/span><\/p>\n<hr class=\"ng-star-inserted\" \/>\n<h3 class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Step 4: Set Up a Basic Firewall with UFW<\/span><\/strong><\/h3>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Problem:<\/span><\/strong><span class=\"ng-star-inserted\"> By default, a server is like a house with every single door and window unlocked. Any service you install could potentially open a &#8220;port&#8221; (a digital doorway) that could be exploited. A firewall acts as a security guard, closing all doors by default and only opening the specific ones you explicitly allow.<\/span><\/p>\n<figure id=\"attachment_146367\" aria-describedby=\"caption-attachment-146367\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-146367 size-full\" src=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Set-Up-a-Basic-Firewall-with-UFW.jpg\" alt=\"Set Up a Basic Firewall with UFW\" width=\"700\" height=\"500\" title=\"-\" srcset=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Set-Up-a-Basic-Firewall-with-UFW.jpg 700w, https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Set-Up-a-Basic-Firewall-with-UFW-560x400.jpg 560w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-146367\" class=\"wp-caption-text\">Set Up a Basic Firewall with UFW<\/figcaption><\/figure>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Solution:<\/span><\/strong><span class=\"ng-star-inserted\"> We will use UFW (Uncomplicated Firewall), the default and very user-friendly firewall tool for Ubuntu, to set up a basic but highly effective ruleset.<\/span><\/p>\n<ol class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Allow essential connections.<\/span><\/strong><span class=\"ng-star-inserted\"> The first rule, and the most important, is to allow SSH connections. If you don&#8217;t do this before enabling the firewall, you will be locked out!<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-85\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-85\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>ufw allow OpenSSH<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Allow web traffic (optional but common).<\/span><\/strong><span class=\"ng-star-inserted\"> If you plan to host a website, you should also allow HTTP and HTTPS traffic now.<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-86\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-86\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>ufw allow <span class=\"hljs-string\">'WWW Full'<\/span><\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Enable the firewall.<\/span><\/strong><span class=\"ng-star-inserted\"> Now that your essential rules are in place, you can turn the firewall on.<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-87\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-87\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>ufw <span class=\"hljs-built_in\">enable<\/span><\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The system will warn you that this may disrupt existing SSH connections. Type <\/span><span class=\"inline-code ng-star-inserted\">y<\/span><span class=\"ng-star-inserted\"> and press Enter.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Check the firewall status.<\/span><\/strong><span class=\"ng-star-inserted\"> You can see your active rules at any time with this command:<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-88\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-88\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>ufw status<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">You should see that connections to OpenSSH and WWW Full are allowed from anywhere, and all other incoming connections are denied. Your server is now protected by a digital shield.<\/span><\/p>\n<\/li>\n<\/ol>\n<hr class=\"ng-star-inserted\" \/>\n<h3 class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Step 5: Update Your System Software<\/span><\/strong><\/h3>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Problem:<\/span><\/strong><span class=\"ng-star-inserted\"> Software is never perfect. Developers are constantly finding and fixing security vulnerabilities in the operating system and its packages. An out-of-date server is a vulnerable server, full of known security holes that attackers can exploit.<\/span><\/p>\n<figure id=\"attachment_146372\" aria-describedby=\"caption-attachment-146372\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-146372 size-full\" src=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Update-Your-System-Software.jpg\" alt=\"Update Your System Software\" width=\"700\" height=\"500\" title=\"-\" srcset=\"https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Update-Your-System-Software.jpg 700w, https:\/\/static.vinahost.vn\/wp-content\/uploads\/2025\/08\/Update-Your-System-Software-560x400.jpg 560w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-146372\" class=\"wp-caption-text\">Update Your System Software<\/figcaption><\/figure>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The Solution:<\/span><\/strong><span class=\"ng-star-inserted\"> Your final essential step is to run a full system update. This downloads and applies all the latest security patches and bug fixes, ensuring your server&#8217;s software is as secure as possible from day one.<\/span><\/p>\n<ol class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">From your <\/span><span class=\"inline-code ng-star-inserted\">sudo<\/span><span class=\"ng-star-inserted\"> user account<\/span><\/strong><span class=\"ng-star-inserted\">, run the following commands. You will be prompted for your user&#8217;s password.<\/span><\/p>\n<div class=\"container\">\n<p><span class=\"mat-content\"><span class=\"material-symbols-outlined notranslate title-icon\" aria-hidden=\"true\"> code <\/span>Bash<\/span><\/p>\n<div class=\"mat-expansion-panel-content-wrapper\">\n<div id=\"cdk-accordion-child-89\" class=\"mat-expansion-panel-content\" role=\"region\" aria-labelledby=\"mat-expansion-panel-header-89\">\n<div class=\"mat-expansion-panel-body\">\n<pre class=\"ng-star-inserted\"><code>sudo apt update\r\nsudo apt upgrade -y<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">What do these commands do?<\/span><\/strong><\/p>\n<ul class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"inline-code ng-star-inserted\">sudo apt update<\/span><span class=\"ng-star-inserted\"> doesn&#8217;t install anything. It simply downloads the latest list of available software packages from Ubuntu&#8217;s repositories.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"inline-code ng-star-inserted\">sudo apt upgrade -y<\/span><span class=\"ng-star-inserted\"> compares the list of what&#8217;s installed with the new list and installs the newer versions of everything on your system. The <\/span><span class=\"inline-code ng-star-inserted\">-y<\/span><span class=\"ng-star-inserted\"> flag automatically answers &#8220;yes&#8221; to the confirmation prompts.<\/span><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">This process might take a few minutes, but when it&#8217;s done, your server is running the most recent and secure versions of its core software.<\/span><\/p>\n<h3 class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">2. Conclusion: A Secure Foundation for Growth<\/span><\/strong><\/h3>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">In less than an hour, you have taken a default server and transformed it into a hardened, secure foundation. By completing these five steps, you have:<\/span><\/p>\n<ul class=\"ng-star-inserted\">\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Secured the master account password.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Created a safer day-to-day user.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Eliminated the primary target for brute-force attacks.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Blocked all unwanted network connections.<\/span><\/p>\n<\/li>\n<li class=\"ng-star-inserted\">\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Patched all known software vulnerabilities.<\/span><\/p>\n<\/li>\n<\/ul>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">This secure foundation is not just a one-time task; it&#8217;s the repeatable blueprint for your project&#8217;s growth. As your business expands, you will apply this exact security checklist to every new server you deploy. When you need to provide low-latency performance for customers in Kuala Lumpur or Singapore, spinning up a\u00a0<\/span><strong class=\"ng-star-inserted\"><a class=\"ng-star-inserted\" href=\"https:\/\/vinahost.vn\/en\/best-vps-malaysia\/\" target=\"_blank\" rel=\"noopener\"><span class=\"ng-star-inserted\">vps malaysia<\/span><\/a><\/strong><span class=\"ng-star-inserted\">\u00a0and running these five steps becomes a simple, routine part of your expansion strategy.<\/span><\/p>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">But what happens when your application grows beyond the resources of even a powerful VPS? When you need maximum, uncontended power for a high-traffic e-commerce site or a mission-critical application, your next logical step is a dedicated server. This is where you get an entire physical machine to yourself, offering unparalleled performance and control.<\/span><\/p>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">The same strategic thinking applies. For ultimate performance in the Indochina region, a dedicated\u00a0<\/span><strong class=\"ng-star-inserted\"><a class=\"ng-star-inserted\" href=\"https:\/\/vinahost.vn\/en\/dedicated-server-laos\/\" target=\"_blank\" rel=\"noopener\"><span class=\"ng-star-inserted\">server laos<\/span><\/a><\/strong><span class=\"ng-star-inserted\">\u00a0provides the raw processing power and network capacity you need. Similarly, for major enterprise clients targeting the ASEAN hub, a dedicated\u00a0<\/span><strong class=\"ng-star-inserted\"><a class=\"ng-star-inserted\" href=\"https:\/\/vinahost.vn\/en\/dedicated-server-malaysia\/\" target=\"_blank\" rel=\"noopener\"><span class=\"ng-star-inserted\">server malaysia<\/span><\/a><\/strong><span class=\"ng-star-inserted\">\u00a0ensures your infrastructure can handle any demand without compromise. The fundamental security principles you&#8217;ve learned here are even more critical on these powerful machines.<\/span><\/p>\n<p class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Your server is now ready. Go ahead and build something amazing<\/span><\/p>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><span class=\"ng-star-inserted\">Ready to start with a secure and powerful VPS?<\/span><\/strong><\/p>\n<p class=\"ng-star-inserted\"><strong class=\"ng-star-inserted\"><a class=\"ng-star-inserted\" href=\"https:\/\/www.google.com\/url?sa=E&amp;q=https%3A%2F%2Fvinahost.vn%2Fen%2Fvps-laos%2F\" target=\"_blank\" rel=\"noopener\"><span class=\"ng-star-inserted\">&gt;&gt; Choose Your VinaHost VPS and Secure it From Day One! &lt;&lt;<\/span><\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A brand-new VPS, by default, is a blank slate. While powerful, it&#8217;s also a potential target for the countless automated bots constantly scanning the internet for unprotected servers. Your first hour with a new VPS is the most critical time to establish a strong security foundation. This is not a task for security experts only&#8230;.<\/p>\n","protected":false},"author":36,"featured_media":147159,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[147],"tags":[],"class_list":["post-146158","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"acf":[],"_links":{"self":[{"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/posts\/146158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/users\/36"}],"replies":[{"embeddable":true,"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/comments?post=146158"}],"version-history":[{"count":5,"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/posts\/146158\/revisions"}],"predecessor-version":[{"id":147156,"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/posts\/146158\/revisions\/147156"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/media\/147159"}],"wp:attachment":[{"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/media?parent=146158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/categories?post=146158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vinahost.vn\/en\/wp-json\/wp\/v2\/tags?post=146158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}