Josef Set up a secure SSH connection: Set up SSH keys and disable password authentication to prevent unauthorized access. Install a firewall: Install and configure a firewall to protect against brute force attacks and malicious traffic. Enable logging: Enable logging on all services and set up log rotation to prevent log files from growing too large. Update your system: Make sure you always keep your system up to date with the latest security patches and software updates. Harden the kernel: Hardening the kernel can help protect against various attacks and vulnerabilities. Monitor system activity: Monitor system activity to detect any suspicious or malicious activity. Restrict user privileges: Restrict user privileges and make sure only trusted users have access to sensitive data and files. Use Secure FTP: Use Secure FTP (SFTP) for file transfers instead of plain FTP. Use secure file permissions: Set up secure file permissions to prevent unauthorized access to sensitive files. Use secure network protocols: Use secure network protocols such as SSL/TLS or IPSec to encrypt data in transit.
Boris_Zaitseva Secure SSH keys is key. You can upload your public key on the key management page: https://dash.99stack.com/auth/manage-ssh-keys then have it installed on any new server you deploy. To generate a key pair using Putty try this: Download and install the PuTTY Key Generator (PuTTYgen) program. In the ‘Parameters’ section, select the type of key you want to generate (the default is RSA). Click the ‘Generate’ button and move your mouse around in the blank area as instructed. Once the key pair is generated, you will be presented with a few options. Enter a passphrase in the Key passphrase field. Click the ‘Save public key’ button and specify the location to save the public key. Click the ‘Save private key’ button and specify the location to save the private key. You can now use the public and private keys to authenticate with the remote server. Don't forget to select the private key when connecting.
christobal SSH Key authentication and disable root login should be your first steps. Use ufw as your firewall and configure it to block all unused ports, or private ports in general.