Securing a fresh VPS (SSH daemon, UFW) | DevSecOps #3

This is Episode #3 of my DevSecOps series, where I share , a complete walkthrough for hardening a fresh Ubuntu VPS the right way in 2026 — covering SSH keys, non-root users, UFW firewall, sshd hardening, and the modern systemd socket activation gotcha that breaks 90% of tutorials online. By the end of this video, your VPS will be: ✅ Locked down to key-only SSH authentication ✅ Running on a custom port with UFW rate-limiting ✅ Free of root login (the #1 attack vector) ✅ Protected against the "I locked myself out" disaster ⏱️ Chapters: 0:00 Intro — What we will do and what we covered 1:48 What we will do in this episode 6:12 First login & patching the system 8:25 Creating a non-root sudo user 10:10 Setting up SSH authorized_keys correctly 14:00 Testing login — the two-terminal rule 15:25 Configuring UFW firewall 21:43 SSH daemon hardening (sshd_config) 26:24 The systemd socket activation gotcha 27:30 Closing port 22 & final verification 29:14 Recap & what's next 📌 DevSecOps Series Playlist: [https://www.youtube.com/playlist?list=PLEAUujeKPJjT9GOnOgRZEldzD6O06gi1h] 📌 Previous Episodes: 🔹 #1 — Architect a Secure CI/CD Pipeline in the Age of AI & Vibe Coding [https://www.youtube.com/watch?v=NLMn_XLG7QA&t=21s] 🔹 #2 — Picking the Right VPS for a Secure Pipeline [https://www.youtube.com/watch?v=6LLGBVybZ14&t=46s] #DevSecOps #VPSSecurity #LinuxHardening #SSH #UbuntuServer #CloudSecurity #DevOps #Cybersecurity #InfoSec #SelfHosted #SysAdmin #LinuxAdmin #SSHHardening #UFW #Fail2Ban #SystemAdministration #CICD #AzureDevOps #HomeLab #SecurityEngineering