
Topic: [HOW-TO]Secure your VPS's - stop thiefs (Read 615 times)

hero member
Activity: 854
Merit: 500
August 19, 2013, 05:46:43 PM
#11
text file [...] password

Never save your password in an unencrypted text file!
legendary
Activity: 1372
Merit: 1008
1davout
August 19, 2013, 05:45:03 PM
#10
Way more secure and practical to disable password authentication and use key-based/certificate authentication.

If and only if you also have a good passphrase on your key.
You get the convenience too by using ssh-agent.
legendary
Activity: 1372
Merit: 1008
1davout
August 19, 2013, 05:44:00 PM
#9
start a text file on your home pc and start beating up your keyboard, use the shift key and numbers to get special chars. about 20-50 chars long should do.

No, do this

Code:
$ openssl rand -base64 45
vip
Activity: 756
Merit: 503
August 19, 2013, 05:40:47 PM
#8
Way more secure and practical to disable password authentication and use key-based/certificate authentication.
legendary
Activity: 1512
Merit: 1000
August 19, 2013, 05:36:41 PM
#7
One more idea. If you have another machine somewhere that is running 24/7, you can send syslogs to this remote machine from your VPS. In this case the attacker can delete the local logs, but as you still have a copy on the remote machine you can find out what happened.
hero member
Activity: 524
Merit: 500
August 19, 2013, 05:35:32 PM
#6
crazy stuff does happen though. i'm sure there is a crook or two somewhere in a vps company.
i guess if you're really worried about the vps hosting company then you should encrypt your virtual drive
Encrypting drives won't help, the RAM is still observable by the host. Just don't put your private keys on VPS. (though I'm not sure whether open-source miners can mine without it)
legendary
Activity: 1512
Merit: 1000
August 19, 2013, 05:22:05 PM
#5
For generating and safely storing passwords Keepass is a good option.
sr. member
Activity: 266
Merit: 250
August 19, 2013, 04:27:41 PM
#4
That's a good practice to prevent root login over ssh, and should be encouraged for anyone running a linux server.
But this would not stop an admin at the VPS datacenter from snooping around or accessing your files on disk?

crazy stuff does happen though. i'm sure there is a crook or two somewhere in a vps company.

i guess if you're really worried about the vps hosting company then you should encrypt your virtual drive

truecrypt is open source, and there is ecryptfs-utils also.

If you were to encrypt your virtual drive, then change root and user passwords again, and then change the hdd encryption key again over a secure ssh into your new encrypted virtual drive... and you should be good... unless the vps owners have lots of time on their hands....

i think that is getting a little paranoid but that should stop a vps owner dead in their tracks from getting your data.... i suppose you could go as far as installing a vm inside your vps, and choosing the encrypt during install option, and then ssh into your vm.
hero member
Activity: 524
Merit: 500
August 19, 2013, 04:13:26 PM
#3
This should prevent anyone from getting into your vps.
Except provider's staff
legendary
Activity: 1382
Merit: 1002
August 19, 2013, 04:04:40 PM
#2
That's a good practice to prevent root login over ssh, and should be encouraged for anyone running a linux server.
But this would not stop an admin at the VPS datacenter from snooping around or accessing your files on disk?
sr. member
Activity: 266
Merit: 250
August 19, 2013, 03:58:21 PM
#1
in regards to this topic i thought i should share this with everyone https://bitcointalksearch.org/topic/xpm-7800-stolen-please-read-help-277440  7800 XPM stolen from VPS
 
for future use of vpn i urge everyone to do this


Code:
apt-get update && apt-get --yes upgrade

useradd -m -G sudo,adm -s /bin/bash yournewusername

passwd root

start a text file on your home pc and start beating up your keyboard, use the shift key and numbers to get special chars. about 20-50 chars long should do.

it should look like

!W45ygbw4%BN56j8u46m7mki578,o0,5mrn6Uw4b5vy1q34tv13%By2n456@$5y2v#$%t1cf34Tg2v345t24%BY@$YH#%6unh5&U#bv45c@#$!#!#RE$T!#$VQ#$

save your text file!!!! and don't lose it.

make two of these passwords, so you can add a secure password to the new user you added.

Code:
passwd yournewusername

next you should also disable root access

Code:
nano /etc/ssh/sshd_config

change the permit root login option to no , save the file.

Code:
exit

log out as root, and log back in using your new username and password in your text file. Obviously you will just copy / paste the password, right click on your ssh console to paste it in.

This should prevent anyone from getting into your vps.
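
Added example, not part of the original post or any reply: a check that the `sshd_config` edit above actually took effect, together with the `PasswordAuthentication` setting recommended in the replies. sshd uses the first value it finds for a keyword, so a `no` appended below an earlier `yes` changes nothing. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global value sshd would use for a keyword.
# sshd_config rules applied here: first occurrence wins, keywords are
# case-insensitive, '#' lines are comments, a "Match" line ends the global part.

sshd_effective() {   # usage: sshd_effective KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        {
            n = match($0, /[ \t=]/)            # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr($0, 1, n - 1))
            val = substr($0, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            if (key == "match") exit           # conditional blocks are not global
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print "unset" }      # unset: the built-in default applies
    ' "$2"
}

audit_sshd() {   # usage: audit_sshd FILE ; returns 0 only if both are "no"
    rc=0
    root=$(sshd_effective PermitRootLogin "$1")
    pw=$(sshd_effective PasswordAuthentication "$1")
    [ "$root" = "no" ] || { echo "PermitRootLogin is '$root' (want: no)"; rc=1; }
    [ "$pw" = "no" ] || { echo "PasswordAuthentication is '$pw' (want: no)"; rc=1; }
    return $rc
}

write_sample() {   # constructed sample config, not taken from a real server
    cat > "$1" <<'EOF'
# constructed sample
Port 22
#PermitRootLogin no
permitrootlogin yes
PasswordAuthentication = no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
}

if [ "$#" -gt 0 ]; then
    audit_sshd "$1"
else
    tmp=$(mktemp); write_sample "$tmp"; audit_sshd "$tmp" || true; rm -f "$tmp"
fi
```

On a live server, `sshd -T` (run as root) prints the fully resolved configuration, including `Match` and `Include` handling that this parser does not cover.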