Essential Server Security Hardening for Ubuntu
A few basic steps dramatically reduce your server’s attack surface. Apply these right after provisioning.
1. Keep the system updated
sudo apt update && sudo apt upgrade -y2. Create a non-root user with sudo
sudo adduser deploy
sudo usermod -aG sudo deploy3. Configure the firewall (UFW)
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status4. Harden SSH
Edit /etc/ssh/sshd_config and set:
PermitRootLogin no
PasswordAuthentication no # after adding your SSH keysudo systemctl restart ssh5. Install Fail2ban
sudo apt install -y fail2ban
sudo systemctl enable --now fail2banAlso use SSH keys instead of passwords, and enable automatic security updates with sudo apt install unattended-upgrades.