Secure your VPS with one simple password trick
Most people who operate a VPS understand one of the fundamentals of password best practices: never use the same password in more than one location.
But for those who don’t quite understand yet, the scenario is simple. Let’s say that two years ago, you used one of your regular passwords to sign up for a webapp to help you make flash cards for those German lessons you were falling behind on. You also used that password for your brand-new VPS, thinking it was strong enough.
You’ve never been back to that flash card site in the two years since, but in the meantime, the company’s databases were hacked, and the contents published online. Even worse, they failed to properly encrypt their users’ passwords, which means that yours is now published, in plain text, for anyone to see.
Your password, along with all the others, now becomes a possible attack vector, particularly since it’s associated with your email address. Your “strong enough” password is now a wide-open opportunity for those who might want to use your VPS for nefarious ends.
Forcing yourself or other users to change passwords on a semi-regular basis is one of many options for increasing security and mitigating the risk of the aforementioned situation. Of course, we still recommend that you use strong, secure passwords or SSH-based authentication.
The chage command allows you to age passwords according to your needs. You might need to install it using your distribution’s package manager.
To expire your password in 30 days:
$ sudo chage -M 30 your-user
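To effectively turn expiration off, set the maximum password age and the account expiration date to 99999:
$ sudo chage -M 99999 -E 99999 your-user
Once you’ve set these values, you can see them using the same command.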
$ sudo chage --list your-user
Starting 7 days before the expiration date, that user will begin to see warnings when they ssh into the server.
You can also expire another user’s current password using the passwd command. The next time they try to log in, they’ll be asked to enter their current password and change it to a new one.
$ sudo passwd -e other-user
To change your own password at any time, use:
$ sudo passwd your-user
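To check which accounts the chage and passwd -e settings above actually apply to, the following added example (not code from the original article) classifies accounts from shadow(5)-format lines. The function names, the state labels, the 30-day policy and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): classify accounts by
# password-aging state from shadow(5)-format lines on stdin.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# audit_aging TODAY POLICY_MAX
#   TODAY      = days since 1970-01-01 (same unit as the lastchg field)
#   POLICY_MAX = assumed policy: largest acceptable "chage -M" value
audit_aging() {
    awk -F: -v today="$1" -v policy="$2" '
        $2 ~ /^[!*]/ { next }    # locked account, no password login: skip
        {
            last = $3; max = $5; warn = ($6 == "" ? 0 : $6)
            if (last == "0")
                state = "FORCED_CHANGE"   # set by passwd -e
            else if (last == "" || max == "" || max + 0 >= 99999)
                state = "NO_AGING"        # e.g. chage -M 99999
            else if (max + 0 > policy + 0)
                state = "OVER_POLICY"
            else if (today + 0 > last + max)
                state = "EXPIRED"
            else if (today + 0 >= last + max - warn)
                state = "WARNING"         # user sees the login warning
            else
                state = "OK"
            print $1 ":" state
        }'
}

# Constructed sample data; the hashes are placeholders, not real ones.
sample_shadow() {
    cat <<'EOF'
alice:$6$constructed$hashA:19900:0:30:7:::
bob:$6$constructed$hashB:19900:0:99999:7:::
carol:$6$constructed$hashC:0:0:30:7:::
dave:$6$constructed$hashD:19960:0:30:7:::
erin:$6$constructed$hashE:19975:0:90:7:::
frank:$6$constructed$hashF:19980:0:30:7:::
svc:!:19000:0:99999:7:::
EOF
}

# Day 19985 and a 30-day policy are constructed values for the demo.
sample_shadow | audit_aging 19985 30
```

On a real server, feed it the output of sudo cat /etc/shadow and pass $(( $(date +%s) / 86400 )) as the first argument. Accounts reported as NO_AGING or OVER_POLICY are the ones that still need a chage -M value.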