
🌐 

Overview

Security is everything.

A VPS is powerful — but only if the access is protected correctly.

Weak passwords or missing SSH keys are responsible for over 80% of VPS breaches worldwide.

This article teaches you how to:

  • Create secure passwords
  • Use SSH keys safely
  • Lock down Windows and Linux accounts
  • Avoid common mistakes
  • Set up best-practice authentication for your apps and users

This is EXACTLY what every OnCloud/Vying client should follow.


🟩 

1. Secure Passwords (Windows & Linux)

✔ Minimum requirements

A secure password should include:

  • At least 12 characters
  • Uppercase + lowercase
  • Numbers
  • Special symbols
  • Not based on dictionary words

✔ Examples of STRONG password patterns:

  • A mix of unrelated words with numbers and symbols
  • Something like: Word–Word–Number–Symbol
  • Or Two random nouns + numbers + punctuation

Never use:

  • company name
  • “Password123”
  • “Admin2025”
  • birthdays
  • phone numbers
  • words from your email address

🟦 

2. Changing Administrator Password (Windows VPS)

  1. Press CTRL + ALT + END inside RDP
  2. Choose Change a password
  3. Enter current + new password

Or through Computer Management:

  • Go to Local Users and Groups
  • Double-click Administrator
  • Click Set Password

Always use a strong password as described above.


🟧 

3. Changing Linux Root or Sudo Password

Open Terminal and run:

  • “sudo passwd root”
  • Or for a sudo user: “sudo passwd username”

Choose a new, strong password.

Linux doesn’t show the characters while typing — this is normal.


🟨 

4. SSH Keys (Linux VPS)

This is the most important part of security.

SSH keys replace passwords and make brute-force attacks useless.

✔ How SSH keys work (simple explanation)

  • You have a private key (kept on your PC)
  • The server stores a public key
  • When you connect, your PC proves it holds the private key that matches the server’s public key — like a digital handshake
  • No password is transmitted

✔ Adding your SSH key to the server

Run a command similar to:

“cat your-public-key-file >> ~/.ssh/authorized_keys”

(Written as text so it cannot be copied.)

Once added, the VPS will accept your key, and you can optionally configure it to deny all password logins.


🟪 

5. Disabling Root Password Login (Linux)

After setting SSH keys and creating a sudo user:

  1. Open the SSH config file: “sudo nano /etc/ssh/sshd_config”
  2. Find the line: “PermitRootLogin yes” Change it to: “PermitRootLogin no”
  3. Restart SSH service: “sudo systemctl restart sshd”

Root login over SSH is now disabled — huge security boost.
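
A way to confirm the edit from step 2 actually took effect, as an added example that is not part of the original article: sshd uses the first value it finds for each keyword, so a leftover “PermitRootLogin yes” earlier in the file wins over a “no” added further down. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): check an sshd_config-style file for
# the settings recommended above. Function names are hypothetical.

# Print the effective global value of a keyword. sshd keeps the FIRST value
# it reads, keywords are case-insensitive, and lines after "Match" are
# conditional. Assumes whitespace-separated "Keyword value" lines, no Include.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when root SSH login and password logins are both disabled.
audit_sshd() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    pw=$(sshd_effective "$1" PasswordAuthentication)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root (want no)"; rc=1; }
    [ "$pw" = "no" ] || { echo "FAIL PasswordAuthentication=$pw (want no)"; rc=1; }
    return "$rc"
}

# Constructed sample: "PermitRootLogin no" was appended at the end, but the
# earlier "yes" line was never edited, so root login is still allowed.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real server
Port 22
permitrootlogin yes
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || echo "audit failed: fix the lines listed above"
rm -f "$sample"
```

On a live server, “sudo sshd -t” checks the file for syntax errors before the restart in step 3, and “sudo sshd -T” prints the configuration sshd will actually use.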


🟥 

6. Using a Sudo User Instead of Root (Linux)

Create a new admin user:

“sudo adduser adminuser”

“sudo usermod -aG sudo adminuser”

Use this user for all SSH operations.

Root becomes only a fallback in emergencies.


🟫 

7. Two-Factor Authentication (Windows VPS)

Windows Server supports 2FA tools such as:

  • Duo
  • Authy for Remote Desktop
  • Google Authenticator extensions
  • RDP Guard + OTP modules

Adding OTP (one-time password) makes remote attacks nearly impossible.


🟩 

8. Protecting Database Passwords

Never store database passwords in:

  • Word files
  • Excel files
  • Emails
  • Messaging apps without encryption

Use:

  • KeePass
  • Bitwarden
  • 1Password

These encrypt your credentials and sync them safely.


🟦 

9. Remote Access Best Practices

✔ Always use VPN for SQL Server

SQL over the public internet is dangerous.

✔ Whitelist your IP

If you must allow external access, allow only your fixed IP.

✔ Change default ports (Linux & Windows)

  • SSH default: 22 → change to a higher custom port
  • RDP default: 3389 → can also be changed depending on your environment

✔ Never share the Administrator or root password

Create separate users for each person.


🟧 

10. Common Mistakes to Avoid

❌ Weak passwords

Bots guess millions of passwords per day.

❌ Exposing SQL Server directly to the internet

This is how ransomware spreads.

❌ Allowing the “sa” user over a public IP

Dangerous and unnecessary.

❌ Keeping default ports without firewall rules

Always allow only what you use.

❌ No SSH keys

Passwords alone are not enough for production systems.


✔ 

Summary

Your VPS stays safe when you:

  • Use strong passwords
  • Use SSH keys for Linux
  • Disable root login
  • Use VPN for database access
  • Restrict firewall ports
  • Avoid exposing RDP or SQL unnecessarily
  • Keep credentials in encrypted password managers

With these rules, your server becomes extremely hard to compromise.