Question about locking down shell access.

Posted December 11, 2013 3k views
So ... I'm trying out the cloud hosting thing for the first time. I've maintained several small web sites on a FreeBSD VPS for several years, and have a lot of Linux experience, so I don't expect too many surprises ... still, I'm new to cloud hosting, and I don't completely understand what it is (partly because cloud providers don't seem to like to give straightforward technical details). So I want to take certain steps to secure my droplet, but I just want to know if there are any 'gotchas' I need to be concerned about in a cloud hosting environment. Here's the procedure I have followed on the other VPS:

1. Create an SSH key pair for my regular user account.
2. Upload public key.
3. Test login w/ public key.
4. Disable password access for all users.
5. Disable remote root logins (i.e., after this & the previous step, I can only log in remotely using public key auth, and only as a regular user).
6. Switch SSHD to run on a non-standard port.
7. Disable all ports that I don't actually use (so probably my server will accept requests on ports 80, 443, and the SSH port, and no others).

Any reason why any of these steps wouldn't work? Thanks in advance for any feedback!

2 answers
"...and I don't completely understand what it is"

DigitalOcean runs Red Hat's KVM hypervisor.

"Any reason why any of these steps wouldn't work?"

Nope. In fact, all of those steps are covered in an array of articles published by DigitalOcean, i.e.

1., 2. & 3.) How To Use SSH Keys with DigitalOcean Droplets;
4.) How To Create SSH Keys with PuTTY to Connect to a VPS;
5. & 6.) Initial Server Setup with Ubuntu 12.04;
7.) How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.

So, it's probably safe to assume that there aren't any "gotchas."
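As an added example (not part of the thread or of DigitalOcean's tutorials), the script below audits an `sshd_config` against steps 4 to 6 of the question's procedure, including two cases where a file that looks hardened is not: sshd keeps the first value it reads for a keyword, and `Match` blocks can re-enable a setting for some users. The function names and the sample file are constructed for illustration, and treating an unset keyword as its permissive value (`yes`, port 22) is an assumption of this example.

```sh
#!/bin/sh
# Added example: audit an sshd_config against steps 4-6 of the question.
# sshd keeps the FIRST value it reads for most keywords, so a later
# "PasswordAuthentication no" does not undo an earlier "yes".
# Not handled here: Include files and ListenAddress host:port.

# global_value FILE KEYWORD DEFAULT: first value set before any Match block
global_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }' "$1"
}

# listen_ports FILE: every Port line counts (Port is cumulative); default 22
listen_ports() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "port" { print $2; seen = 1 }
         END { if (!seen) print 22 }' "$1"
}

# match_overrides FILE: Match-block settings that re-enable password or root login
match_overrides() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "match" { inmatch = 1; next }
         inmatch && tolower($1) ~ /^(passwordauthentication|permitrootlogin)$/ &&
             tolower($2) != "no" { print $1, $2 }' "$1"
}

# audit FILE: print findings, return how many there were
audit() {
    n=0
    [ "$(global_value "$1" PasswordAuthentication yes)" = no ] ||
        { echo "step 4: password logins enabled"; n=$((n + 1)); }
    [ "$(global_value "$1" PermitRootLogin yes)" = no ] ||
        { echo "step 5: root login not fully disabled"; n=$((n + 1)); }
    ! listen_ports "$1" | grep -qx 22 ||
        { echo "step 6: sshd still listens on port 22"; n=$((n + 1)); }
    [ -z "$(match_overrides "$1")" ] ||
        { echo "steps 4-5: Match override: $(match_overrides "$1")"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: looks hardened, but the first value wins
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
printf '%s\n' 'Port 2222' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'PasswordAuthentication no' 'Match User deploy' \
    '    PasswordAuthentication yes' > "$sample"
audit "$sample" || echo "findings: $?"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, which is the authoritative check after editing the file.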