Initial Server Security Hardening
These steps are recommended for every new server.
1. Create a Non-Root User
adduser deploy
usermod -aG sudo deploy
2. Set Up SSH Key Authentication
On your local machine:
ssh-keygen -t ed25519 -C "YOUR_EMAIL"
ssh-copy-id deploy@YOUR_SERVER_IP
3. Disable Root Login and Password Authentication
Edit /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
Restart SSH:
systemctl restart sshd
Warning: Make sure your SSH key works before disabling password authentication, or you will be locked out. Use VNC Console from the DartNode dashboard if locked out.
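Before restarting SSH in step 3, you can confirm the settings sshd will actually use, because on distributions whose sshd_config includes /etc/ssh/sshd_config.d/*.conf a drop-in file can override the edited values. The script below is an added example, not part of the original guide: the function names and sample lines are constructed, and it assumes OpenSSH's `sshd -t` and `sshd -T` run as root.

```shell
#!/bin/sh
# Added example: check the *effective* sshd settings before restarting SSH.
# `sshd -T` prints the merged configuration as lowercase "keyword value" lines.

# Reads `sshd -T` style output on stdin. Prints one line per problem and
# returns 1 if a required setting is missing or different, 0 otherwise.
check_sshd_effective() {
    awk '
        BEGIN {
            want["permitrootlogin"]        = "no"
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"]   = "yes"  # keys must stay enabled
        }
        ($1 in want) && !($1 in seen) { seen[$1] = $2 }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "WRONG %s = %s (want %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# On the server, as root: syntax-check the files, then check effective values.
verify_before_restart() {
    sshd -t || return 1
    sshd -T | check_sshd_effective
}

# Constructed samples (not real server output).
sample_hardened() {
    printf '%s\n' 'port 22' 'permitrootlogin no' \
        'pubkeyauthentication yes' 'passwordauthentication no'
}
sample_overridden() {   # a drop-in still enables password logins
    printf '%s\n' 'port 22' 'permitrootlogin no' \
        'pubkeyauthentication yes' 'passwordauthentication yes'
}

# Offline demonstration on the constructed samples.
for s in sample_hardened sample_overridden; do
    if "$s" | check_sshd_effective; then echo "$s: safe to restart sshd"
    else echo "$s: fix the settings above before restarting sshd"; fi
done
```

On a real server, run `verify_before_restart && systemctl restart sshd`, and keep the current SSH session open until a second login with the key succeeds.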
4. Enable Automatic Security Updates
# Ubuntu/Debian
apt install unattended-upgrades -y
dpkg-reconfigure -plow unattended-upgrades
# CentOS/AlmaLinux
dnf install dnf-automatic -y
systemctl enable --now dnf-automatic.timer
5. Install Fail2Ban (Brute-Force Protection)
apt install fail2ban -y # Ubuntu/Debian
dnf install fail2ban -y # CentOS (EPEL required)
systemctl start fail2ban
systemctl enable fail2ban
Fail2Ban automatically blocks IPs that have too many failed SSH login attempts.