Repository inventory

mikr13/secure-server-setup-skills

Skills indexed from this repository, with install-style signals scoped to the repo.
3 skills12 GitHub stars0 weekly installsShellGitHubOwner profile

Overview

This skill hardens SSH access on VPS servers by enforcing key-based authentication, disabling root login, and creating non-root sudo users. It implements safe, test-first changes to sshd_config and provides step-by-step checks to avoid locking yourself out. The goal is to reduce brute-force and credential risks while maintaining operational access.

How this skill works

The skill creates a non-root user with sudo privileges, generates or installs public SSH keys, and configures the SSH daemon to refuse password and root logins. It updates core sshd_config options (PermitRootLogin, PasswordAuthentication, AllowUsers, Protocol, etc.), validates the configuration with sshd -t, and guides a safe restart. It also includes recommended firewall and monitoring suggestions.

When to use it

  • Initial VPS provisioning to establish secure access
  • Replacing password authentication with SSH keys
  • Responding to security audit findings about SSH settings
  • Reducing exposure to brute-force and credential attacks
  • Implementing least-privilege access for server administration

Best practices

  • Create and test a non-root sudo user before changing SSH settings
  • Generate and use ed25519 keys with a strong passphrase when possible
  • Always test new key login in a separate terminal and keep an existing session open
  • Run sudo sshd -t to validate syntax before restarting the service
  • Restrict access with AllowUsers or AllowGroups and update firewall rules if you change the SSH port

Example use cases

  • Set up a deployer user with key-only SSH access on a fresh VPS
  • Harden an existing server after a security scan flagged root or password logins
  • Migrate a team from password SSH to centrally managed key pairs
  • Lock down SSH to only specific admin accounts and disable unused features like X11 forwarding
  • Combine with fail2ban and firewall rules to reduce noise and automated attacks

FAQ

Use your hosting provider’s console or VNC to access the instance, revert the changes in /etc/ssh/sshd_config, and restart sshd. Always keep one working session open while testing to prevent lockout.

Which key type should I use?

Use ed25519 for modern, compact, and secure keys. Use rsa -b 4096 only for older compatibility when ed25519 is unavailable.

Can I disable password auth immediately?

No. First create a non-root user, install and test SSH key authentication in a new terminal, then disable password authentication and restart sshd after validating the config.

3 skills

More from this maintainer
Other repositories and skills published under the same GitHub owner.
Skills library
Jump back to the full directory or explore grouped topics.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational