Security Hardening FAQ

Find answers to common questions about TetsuVPS security hardening, server requirements, and best practices.

What is TetsuVPS?

TetsuVPS is an automated security service that scans your servers for vulnerabilities and fixes them with one click. Built on industry standards including NSA Configuration Guides and Ubuntu Security Features, TetsuVPS performs over 130 automated security checks and provides one-click hardening solutions. The service is based on the trusted dev-sec.io framework, which is used by Fortune 500 companies for their security hardening needs.

How do I get started with TetsuVPS?

Getting started is a simple 3-step process:

1. Install the agent - Run this command on your server: curl -fsSL https://tetsuvps.com/api/setup/install | bash
2. Add your server - Go to your dashboard and add the server with its name and IP address
3. Run a security scan - Choose from Operating System, SSH, or Webserver scans

View complete quickstart guide →

⚠️ What must I do BEFORE hardening my server?

CRITICAL: You MUST complete ALL of these steps before hardening to avoid permanent lockout:

1. Create a full server backup/snapshot - Use your hosting provider's backup feature
2. Create a non-root user with sudo privileges - SSH hardening will disable root login
3. Set up SSH key authentication - Password authentication will be disabled
4. Test SSH access with the non-root user - Verify you can login before hardening
5. Backup your SSH private keys - Store them securely in multiple locations
6. Test on a staging server first - Never harden production without testing

⚠️ WARNING: Hardening changes are irreversible. If you lose SSH access, recovery requires provider intervention.

Which operating systems are supported?

Currently, TetsuVPS is tested and fully supported on Ubuntu 24.04 LTS. The system requires a fresh installation with SSH access on port 22 and root or sudo privileges. While most hardening practices are generally applicable to other Linux distributions, compatibility is not guaranteed. Lower versions of Ubuntu are not supported. If you need to run on a different distribution, please contact support for testing assistance.

What is Hardening?

System hardening refers to the process of securing a computer system by reducing its attack surface and implementing security best practices. This involves disabling unnecessary services, configuring secure settings, and implementing access controls to minimize vulnerabilities. TetsuVPS automates this process by applying over 130 security controls based on industry standards and the dev-sec.io framework.

How is my server hardened?

TetsuVPS implements comprehensive security hardening across three main areas:

• SSH Hardening - Disables password authentication, enforces key-based auth, removes weak ciphers, and implements strict access controls
• OS Hardening - Kernel security, network stack hardening, user account restrictions, and filesystem security based on NSA guidelines
• Webserver Hardening - UFW firewall configuration and Fail2ban intrusion prevention system

View detailed hardening specifications →

What types of security scans are available?

TetsuVPS offers three types of comprehensive security scans:

• Operating System Scan - Comprehensive security audit of your system
• SSH Scan - Checks SSH configuration and authentication security
• Webserver Scan - Analyzes web server security and firewall configuration

Each scan takes 2-3 minutes and provides a detailed report with one-click fixes.

Learn more about security scanning →

Can I use a custom SSH port?

Yes, TetsuVPS supports custom SSH ports. The default port is 22, but you can specify a custom port when adding your server to the dashboard. If you're having connection issues, verify the correct SSH port is configured. SSH configuration guide →

How do I uninstall TetsuVPS from my server?

To completely remove TetsuVPS from your server, run the uninstall commands to remove all TetsuVPS users and configurations. Note that hardening changes made to your server will remain in place after uninstallation.

View uninstallation instructions →

What are the risks and disclaimers?

Important disclaimers and risks:

• Users are solely responsible for proper backups before hardening
• Recovery from lockout requires hosting provider intervention
• TetsuVPS is not liable for data loss or access issues
• Hardening changes are irreversible
• Always test on staging environments before production
• Ensure you have multiple backup access methods before hardening

By using TetsuVPS, you acknowledge these risks and take full responsibility for maintaining proper backups and access methods.