Security & Server Hardening
Protect your instance. These steps are fully compatible with both Ubuntu 24.04 and Debian 13.
CRITICAL: Keep your current SSH session open in a separate window until you have verified that the new login works. If you get locked out, use the Rescue Mode in your PowerPanel to mount your drive and reset the sshd_config.
Deploy SSH Keys
SSH Keys are cryptographic pairs. The private key stays on your PC, while the public key is uploaded to the server to identify you. Run this on your local computer:
Next, transfer the public key to your server. (Note: On Debian, if ssh-copy-id is missing, install it via apt install openssh-client):
Before moving to Step 2, ensure you can log in without being prompted for a password:
Disable Password Logins
Now that your key works, we disable password logins to block brute-force attacks. Open the SSH configuration:
# is at the start):PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
Firewall Configuration (UFW)
We use UFW (Uncomplicated Firewall). On Debian, it might not be pre-installed. Run the following commands to install and configure it:
Important: Typing ufw enable will ask for confirmation. Type y and press Enter. This will not disconnect your current SSH session as we allowed SSH in the previous line.
Install Fail2Ban
Fail2Ban provides an extra layer of defense by banning IPs that show suspicious login patterns:
Security Hardening Complete
Your server is now protected. Head back to the main guide to continue with OpenClaw.
To Installation Guide