Hey,

In this post I want to tell you what I set up as default security on my VServer.

## Install Firewall UFW

```bash
# Install
apt install ufw

# Disable autostart of UFW, so you don't lock yourself out
systemctl disable ufw

# Block all incoming and allow all outgoing traffic by default
ufw default deny incoming
ufw default allow outgoing

# Allow FTP (21), SSH (22) and HTTP(S) (80, 443)
ufw allow 21
ufw allow 22

ufw allow 80
ufw allow 443

# Allow Minecraft ports (optional)
ufw allow 25565
ufw allow 25566

# ...

# Example: Only this IP can access the port (optional)
ufw allow from 1.1.1.1 to any port 2812

# Re-enable UFW (Important: first check that ports 21 & 22 are allowed)
ufw enable

# Example: Remove rule
ufw delete allow 2812

# Example: Allow everything from one subnet
ufw allow from 192.168.0.0/24
```

=================================

## Use private keys instead of password

Furthermore, I recommend generating a key pair with PuTTYgen and then adding the public key to the file "authorized_keys" in the .ssh folder of the Linux user.

After that you can log in with your key. If the login with the private key and without a password was successful, password login should be disabled.

This is done in the sshd configuration as follows:

```
# Open configuration
nano /etc/ssh/sshd_config

# Set PasswordAuthentication there to no
PasswordAuthentication no
```

(More details are explained in the video here).
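
Setting `PasswordAuthentication no` in the main file only works if no earlier line already sets that keyword. The following is an added example, not part of the original post: it reports the value sshd would use, assuming a Debian/Ubuntu-style layout where an `Include /etc/ssh/sshd_config.d/*.conf` line sits at the top of `sshd_config`; the function names and sample file contents are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# sshd uses the FIRST value it reads for a keyword, so a drop-in file pulled
# in by an "Include" line at the top of sshd_config overrides a later
# "PasswordAuthentication no" in the main file.

# effective_sshd_value KEYWORD DEFAULT
# Reads config text on stdin, in the order sshd reads it, and prints the
# value that applies globally (lines after the first "Match" are conditional).
effective_sshd_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + 1)
            sub(/^[ \t=]+/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit            # end of the global section
            if (key == want) { found = 1; print tolower(val); exit }
        }
        END { if (!found) print def }
    '
}

# Constructed sample input (hypothetical file contents).
DROPIN='PasswordAuthentication yes'
MAIN='# main sshd_config after the edit described above
PermitRootLogin prohibit-password
PasswordAuthentication no'

# Assumed layout: the Include line is at the top, so the drop-in is read first.
sample_with_dropin() { printf '%s\n%s\n' "$DROPIN" "$MAIN"; }
sample_main_only()   { printf '%s\n' "$MAIN"; }

echo "main file only: $(sample_main_only | effective_sshd_value PasswordAuthentication yes)"
echo "with drop-in:   $(sample_with_dropin | effective_sshd_value PasswordAuthentication yes)"
```

On a live server, `sshd -T | grep -i passwordauthentication` prints the value the daemon itself resolves, including any included files.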

=================================

## Install Fail2ban
```bash
apt install fail2ban

# Configuration
nano /etc/fail2ban/jail.conf
```

(If a user logs in incorrectly multiple times, their IP is temporarily banned. This is all configurable.)

=================================

I hope you could learn something. Suggestions and enhancements are welcome! :thumbup: