VPS Shortlist

Disclaimer: this is not a complete list, and should only be used as a starting point to sanity check new Virtual Server deployments.

  • Change your default SSH port
  • Disable root SSH login
  • Disable SSH password auth
  • Enable iptables/nftables
  • Configure iptables
  • Enable two-factor auth in PAM
  • Properly set up sudo
  • Set up YubiKey and/or google-authenticator
  • Disable TLSv1, SSLv2, and SSLv3 on all of your services
  • Enforce decent crypto algorithms
  • Enable auditd
  • Enable and configure SELinux
  • Configure services to run on private addresses (192.168/16, 10/8)
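
The three SSH items at the top of the list can be sanity checked mechanically. The script below is an added example, not part of the original checklist; it assumes OpenSSH, whose `sshd -T` prints the effective configuration as lowercase "keyword value" lines, and the function name `check_sshd` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the checklist's SSH items against sshd's effective config.
# Input on stdin: "keyword value" lines as printed by `sshd -T`.
# Prints one FAIL line per unmet item; exit status is the number of failures.
check_sshd() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "port"                   { ports[val] = 1; seen_port = 1 }
        key == "permitrootlogin"        { root = val }
        key == "passwordauthentication" { pw = val }
        END {
            fails = 0
            # OpenSSH defaults when a keyword is absent: port 22,
            # root login prohibit-password, password auth yes.
            if (!seen_port) ports["22"] = 1
            if (root == "") root = "prohibit-password"
            if (pw == "") pw = "yes"
            if ("22" in ports) { print "FAIL: sshd listens on default port 22"; fails++ }
            if (root != "no")  { print "FAIL: PermitRootLogin is " root " (want no)"; fails++ }
            if (pw != "no")    { print "FAIL: PasswordAuthentication is " pw " (want no)"; fails++ }
            exit fails
        }'
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_WEAK='port 22
permitrootlogin yes
passwordauthentication yes'

SAMPLE_HARDENED='port 2222
permitrootlogin no
passwordauthentication no'

# On a real host, as root:  sshd -T | check_sshd
```

A non-zero exit status makes the function usable as a gate in a provisioning script; it does not cover the firewall, PAM, TLS, auditd or SELinux items.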