DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Question

Question about locking down shell access.

  • Posted December 11, 2013

So … I’m trying out the cloud hosting thing for the first time. I’ve maintained several small web sites on a FreeBSD VPS for several years, and have a lot of Linux experience, so I don’t expect too many surprises … still, I’m new to cloud hosting, and I don’t completely understand what it is (partly because cloud providers don’t seem to like to give straightforward technical details). So I want to take certain steps to secure my droplet, but I just want to know if there are any ‘gotchas’ I need to be concerned about in a cloud hosting environment.

Here’s the procedure I have followed on the other VPS:

  1. Create an SSH key pair for my regular user account.
  2. Upload public key.
  3. Test login w/ public key.
  4. Disable password access for all users.
  5. Disable remote root logins (i.e., after this & the previous step, I can only log in remotely using public key auth, and only as a regular user).
  6. Switch SSHD to run on a non-standard port.
  7. Disable all ports that I don’t actually use (so probably my server will accept requests on ports 80, 443, and the SSH port, and no others).

Any reason why any of these steps wouldn’t work?

Thanks in advance for any feedback!

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

matt350926December 14, 2013

Thanks, Pablo!

pabloDecember 12, 2013

<b>“…and I don’t completely understand what it is”</b> <br> <br>DigitalOcean runs RedHat’s <a href=“http://www.linux-kvm.org/page/Main_Page”>KVM Hypervisor</a>. <br> <br><b>“Any reason why any of these steps wouldn’t work?”</b> <br> <br>Nope. In fact, all of those steps are covered in an array of articles published by DigitalOcean, i.e. <br> <br>1., 2. & 3.) <a href=“https://www.digitalocean.com/community/articles/how-to-use-ssh-keys-with-digitalocean-droplets”>How To Use SSH Keys with DigitalOcean Droplets</a>; <br>4.) <a href=“https://www.digitalocean.com/community/articles/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps”>How To Create SSH Keys with PuTTY to Connect to a VPS</a>; <br>5. & 6.) <a href=“https://www.digitalocean.com/community/articles/initial-server-setup-with-ubuntu-12-04”>Initial Server Setup with Ubuntu 12.04</a>; <br>7.) <a href=“https://www.digitalocean.com/community/articles/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server”>How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server</a>. <br> <br>So, it’s probably safe to assume that there aren’t any “gotchas.”

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up