So ... I'm trying out the cloud hosting thing for the first time. I've maintained several small web sites on a FreeBSD VPS for several years, and have a lot of Linux experience, so I don't expect too many surprises ... still, I'm new to cloud hosting, and I don't completely understand what it is (partly because cloud providers don't seem to like to give straightforward technical details). So I want to take certain steps to secure my droplet, but I just want to know if there are any 'gotchas' I need to be concerned about in a cloud hosting environment.
Here's the procedure I have followed on the other VPS:
1. Create an SSH key pair for my regular user account.
2. Upload public key.
3. Test login w/ public key.
4. Disable password access for all users.
5. Disable remote root logins (i.e., after this & the previous step, I can only log in remotely using public key auth, and only as a regular user).
6. Switch SSHD to run on a non-standard port.
7. Disable all ports that I don't actually use (so probably my server will accept requests on ports 80, 443, and the SSH port, and no others).
Any reason why any of these steps wouldn't work?
Thanks in advance for any feedback!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart.
If you run into issues leave a comment, or add your own answer to help others.