How to Harden a Linux VPS in 30 Minutes (Production Checklist)

How to Harden a Linux VPS in 30 Minutes (Production Checklist) You just spun up a new VPS. Before you deploy anything, run through this checklist. These are the baseline hardening steps that prevent 90% of common attacks. 1. Update the System sudo apt update && sudo apt upgrade -y sudo apt autoremove -y Run this first. Always. 2. Create a Non-Root User # Add user adduser deploy # Give sudo access usermod -aG sudo deploy # Switch to new user su - deploy Never run your app as root. 3. Set Up SSH Key Authentication # On your LOCAL machine, generate a key if you don't have one ssh-keygen -t ed25519 -C "your-email@example.com" # Copy your public key to the server ssh-copy-id deploy@your-server-ip # Or manually: # cat ~/.ssh/id_ed25519.pub | ssh deploy@your-server-ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" Then disable password authentication: sudo nano /etc/ssh/sshd_config Change these lines: PasswordAuthentication no PermitRootLogin no PubkeyAuthentication yes sudo systemctl res