Server Security Improvement
Technical Background
Default cloud servers are often configured for convenience rather than security. Common issues include password-based SSH access, open firewall rules, and outdated software packages. This exercise demonstrates how to improve server security by:
- Using public key authentication instead of passwords
- Limiting network access with a minimal firewall configuration
- Keeping the system up to date
- Deploying a basic web service (NGINX) under these security constraints
Solution
Creating a Firewall
In the Hetzner Cloud Console:
- Go to Firewalls → Create Firewall
- Add one inbound rule:
  - Protocol: ICMP
  - Action: Allow
- Save the firewall, for example as icmp-only-fw
Uploading and Using a Public SSH Key
- Navigate to Security → SSH Keys
- Upload your public SSH key and mark it as default
Info
This ensures passwordless and more secure authentication.
Creating a Server Using Firewall and SSH Key
- Deploy a new server using the same Image and Type as before
- Select the icmp-only-fw firewall and your uploaded SSH key
- After deployment, note the server's public IP
Testing ICMP and SSH Connectivity
Run this command in your local terminal:
ping <your-server-ip>
Info
The server responds to ICMP packets, confirming that the firewall rule works.
Try to connect to your server via SSH:
ssh root@<your-server-ip>
Note
Your connection should time out because port 22 is not allowed by the firewall.
Allowing SSH
- In the Hetzner Cloud Console go to Firewalls
- Edit the firewall you created and add a new inbound rule:
  - Protocol: TCP
  - Port: 22
  - Action: Allow
- Retry the SSH connection:
ssh root@<server-ip>
hostname
Note
This time your login should succeed. It should not require a password because the SSH key was used.
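A successful key login does not by itself show that password login is turned off in the SSH daemon. The following added example (not part of the original exercise) audits the "keyword value" output of `sshd -T` for settings that still permit password-style login. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original exercise.
# audit_sshd reads the "keyword value" lines printed by `sshd -T` on stdin,
# prints one line per setting that still permits password-style login, and
# returns 0 only when none are found.
audit_sshd() {
    awk '
        BEGIN {
            # keyword -> value that weakens a key-only setup
            bad["passwordauthentication"] = "yes"
            bad["kbdinteractiveauthentication"] = "yes"
            bad["challengeresponseauthentication"] = "yes"  # older OpenSSH name
            bad["permitemptypasswords"] = "yes"
            bad["permitrootlogin"] = "yes"
            bad["pubkeyauthentication"] = "no"
        }
        { key = tolower($1) }
        key == "passwordauthentication" { seen = 1 }
        (key in bad) && tolower($2) == bad[key] { print "WEAK " key " " $2; n++ }
        END {
            # An empty or truncated dump must not pass as secure.
            if (!seen) { print "MISSING passwordauthentication"; n++ }
            exit (n > 0)
        }'
}

# Constructed sample: a server that accepts keys but still allows passwords.
sample_default() {
    cat <<'EOF'
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
permitemptypasswords no
EOF
}

# Constructed sample: key-only login (without-password is the older
# spelling of prohibit-password).
sample_hardened() {
    cat <<'EOF'
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
permitemptypasswords no
EOF
}

# On the server itself: sshd -T | audit_sshd
sample_default | audit_sshd || echo "password-style login still possible"
```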
Updating and Rebooting the Server
Run these commands in a terminal on your server:
apt update
apt upgrade -y
aptitude -y upgrade
reboot
Info
This ensures all packages and the kernel are up to date.
Installing NGINX on the Server
To install the NGINX web server, run this command:
apt install nginx -y
To verify that the installation was successful use:
systemctl status nginx
Note
The output should show NGINX running and enabled.
Local HTTP Test
- On the server run:
wget -O - http://<your-server-ip>
Note
You should see the NGINX welcome page HTML returned.
- Open http://<your-server-ip> in a browser on your local machine
Note
This should fail because port 80 is still blocked by the firewall.
Allowing HTTP Access
- In the Hetzner Cloud Console go to Firewalls
- Edit the firewall you created and add a new inbound rule:
  - Protocol: TCP
  - Port: 80
  - Action: Allow
- Retry visiting the site in your browser from your local machine.
Note
Now the NGINX welcome page should load successfully.