Securing Your Fresh Ubuntu 24.04 VPS in 10 Minutes (UFW, SSH Keys, Fail2Ban)

AI development environment on Ubuntu

You just bought a fresh VPS from Joy Services. It’s fast, it’s clean, and right now, it is completely vulnerable.

Bots scan the internet 24/7 looking for fresh servers with weak passwords. This guide will take you from "fresh install" to "fortress" in under 10 minutes using SSH Keys, UFW, and Fail2Ban.

Step 1: Update and Create a "Sudo" User

Never operate as root. We will create a new user with administrative privileges instead.

1. Log in to your server:

Bash (Your Laptop)

user@laptop:~$ ssh root@your_server_ip

2. Create a new user (replace joyuser with your name):

Bash (Server)

root@joy:~# adduser joyuser

3. Grant admin privileges:

Bash

root@joy:~# usermod -aG sudo joyuser

Step 2: Set Up SSH Keys

Do this step on your LOCAL computer (open a new terminal window).

1. Generate a key pair:

Bash (Your Laptop)

user@laptop:~$ ssh-keygen -t ed25519 -C "your_email@example.com"

Expected Output:

Terminal Output

Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/user/.ssh/id_ed25519): [Press Enter]

2. Copy the key to your VPS:

Bash (Your Laptop)

user@laptop:~$ ssh-copy-id joyuser@your_server_ip

Error: "Permission denied (publickey)"? If you can't copy the ID, it means password login might already be disabled. You will need to log in as root and manually paste the key into /home/joyuser/.ssh/authorized_keys.

Step 3: Configure Firewall (UFW)

Back on your Server Terminal, we will lock down the ports.

1. Allow SSH (Critical):

Bash

root@joy:~# sudo ufw allow ssh

2. Enable the firewall:

Bash

root@joy:~# sudo ufw enable

Terminal Output

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Step 4: Disable Password Login

Now that keys and firewall are working, we disable passwords to stop brute-force attacks.

1. Edit SSH Config:

Bash

root@joy:~# sudo nano /etc/ssh/sshd_config

2. Change these lines to "no":

PasswordAuthentication no PermitRootLogin no

3. Restart SSH:

Bash

root@joy:~# sudo systemctl restart ssh

Locked Out? If you accidentally closed the terminal and can't log back in, use the VNC Console feature in your Joy Services dashboard to access the server directly and undo the changes.

Step 5: Install Fail2Ban

Fail2Ban will automatically ban any IP address that tries to hack you.

1. Install and Start:

Bash

root@joy:~# sudo apt install fail2ban -y

2. Check Status:

Bash

root@joy:~# sudo systemctl status fail2ban

Expected Output:

Terminal Output

● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running)

Summary

Your Joy Services VPS is now secure. You have replaced passwords with keys, blocked all unused ports, and set up an automated bouncer for hackers.

No Previous Post

How to Host Multiple Websites on a Single Joy Services VPS using Nginx Server Blocks