[HOW-TO]Secure your VPS's - stop thiefs

[CryptoBullion]

in regards to this topic i thought i should share this with everyone https://bitcointalk.org/index.php?topic=277440.0  7800 XPM stolen from VPS
 
for future use of vpn i urge everyone to do this

Code:

apt-get update && apt-get --yes upgrade

useradd -m -G sudo,adm -s /bin/bash yournewusername

passwd root

start a text file one your home pc and start beating up your keyboard , use the shift key and numbers to get special chars.  about 20-50 chars long should do.

it should like like

!W45ygbw4%BN56j8u46m7mki578,o0,5mrn6Uw4b5vy1q34tv13%By2n456@$5y2v#$%t1cf34Tg2v345t24%BY@$YH#%6unh5&U#bv45c@#$!#!#RE$T!#$VQ#$

save your text file!!!! and don't lose it.

make two of these passwords, so you can add a secure password to your new user u added.

Code:

passwd yournewusername

next you should also disable root access

Code:

nano /etc/ssh/sshd_config

change the permit root login option to no , save the file.

Code:

exit

log out as root, and log back in using your new username and password in your text file. Obviously you will just copy / paste the password, right click on your ssh console to paste it in.

This should prevent anyone from getting into your vps.

[1713956861]

1713956861

[1713956861]

1713956861

[1713956861]

1713956861

[1713956861]

1713956861

[1713956861]

1713956861

[110110101]

That's a good practice to prevent roots login over ssh, and should be encouraged for anyone running a linux server.
But this would not stop an admin at the VPS datacenter from snooping around or accessing your files on disk?

[smolen]

This should prevent anyone from getting into your vps.

Except provider's staff

[CryptoBullion]

That's a good practice to prevent roots login over ssh, and should be encouraged for anyone running a linux server.
But this would not stop an admin at the VPS datacenter from snooping around or accessing your files on disk?

crazy stuff does happen though. im sure there is a crook or two somewhere in a vps company.

i guess if your really worried about the vps hosting company that your should encrypt your virtual drive

truecrypt is opensourse, and there is ecryptfs-utils also.

If you were to encrypt you virtual drive, then change root and user passwords again, and then change the hdd encryption key again over a secure ssh into your new encrypted virtual drive... and you should be good... unless the vps owners have lots of time on their hands....

i think that is getting a little paranoid but that should stop a vps owner dead in their tracks from getting your data.... i suppose you could go as far as installing a vm inside your vps, and choosing the encrypt during install option, and then ssh into your vm.

[Snail2]

For generating and safely storing passwords Keepass is a good option.

[smolen]

crazy stuff does happen though. im sure there is a crook or two somewhere in a vps company.
i guess if your really worried about the vps hosting company that your should encrypt your virtual drive

Encrypting drives won't help, the RAM is still observable by the host. Just don't put your private keys on VPS. (though I'm not sure whether open-source miners can mine without it)

[Snail2]

One more idea. If you have an other machine somewhere what running 24/7 you can send syslogs to this remote machine from your VPS. In this case the attacker can delete the local logs, but as you still have a copy on the remote machine you can find out what happened.

[01BTC10]

Way more secure and practical to disable password authentication and use key-based/certificate authentication.

[davout]

istart a text file one your home pc and start beating up your keyboard , use the shift key and numbers to get special chars.  about 20-50 chars long should do.

No, do this

Code:

$ openssl rand -base64 45

[davout]

Way more secure and practical to disable password authentication and use key-based/certificate authentication.

If and only if you also have a good passphrase on your key.
You get the convenience too by using ssh-agent.

[infested999]

text file [...] password

Never save your password in an unencrypted text file!