First 5 Steps to Secure Your New Proxmox Server (SSH, Users & 2FA)

Welcome back to EngineerHow.com! Now that you have a fresh Proxmox VE installation running, the single most important next step is to secure it. A server exposed to the internet is a constant target for automated attacks. In this guide, we’ll walk through the essential first steps to harden your server by creating a non-root user for SSH and protecting your web UI login with Two-Factor Authentication (2FA).

This guide is part of our Proxmox series. If you haven’t installed Proxmox yet, start with our Ultimate Guide to Installing Proxmox on a Dedicated Server.

Step 1: Install the sudo Package

By default, Proxmox (which is based on Debian) does not include the sudo command. We need to install it to allow a normal user to perform administrative tasks without logging in as root.

  1. Log in to your Proxmox server’s shell as the root user (either via the web UI or SSH).

  2. Run the following command to install the package:

    # EngineerHow.com
    apt install sudo
    

Step 2: Create a New Non-Root User

Continuing as root, we’ll create a new user who will become our primary login for SSH.

  1. Use the adduser command. Remember to replace youradmin with a unique username of your choice.

    # EngineerHow.com - Replace 'youradmin' with your desired username
    adduser youradmin
    
  2. Follow the prompts to create a strong, unique password for this new user. You can leave the other information (Full Name, etc.) blank by pressing Enter.

Step 3: Grant Sudo Privileges

Now, we give our new user the ability to run commands as root by adding them to the sudo group.

  1. Execute the usermod command, again using the username you chose in the previous step.

    # EngineerHow.com - Replace 'youradmin' with the username you created
    usermod -aG sudo youradmin
    

Step 4: Disable Root Login via SSH

This is a critical security step. Disabling direct root login forces any potential attacker to guess both a username and a password, significantly increasing security.

  1. Log out of your root session. Open a new terminal and log in as your new user (youradmin) to test that everything works.

  2. Test your sudo access by running a command. It will ask for your (youradmin‘s) password.

    # EngineerHow.com
    sudo apt update
    
  3. Once confirmed, edit the SSH configuration file:

    # EngineerHow.com
    sudo nano /etc/ssh/sshd_config
    
  4. Find the line that says #PermitRootLogin prohibit-password (or similar) and change it to:

    # EngineerHow.com
    PermitRootLogin no
    
  5. Save and exit the editor (Ctrl+X, Y, Enter).

  6. Apply the change by restarting the SSH service:

    # EngineerHow.com
    sudo systemctl restart ssh
    

Step 5: Enable Two-Factor Authentication (2FA/TOTP)

Finally, let’s protect the most critical access point: the Proxmox web interface.

  1. Log in to the Proxmox Web UI as root.

  2. Navigate to Datacenter -> Permissions -> Two-Factor Authentication.

  3. Click Add.

  4. Give it an ID (e.g., google-auth).

  5. For User, select root@pam.

  6. Click Generate Key. A QR code will appear.

  7. Open your preferred authenticator app on your phone (Google Authenticator, Authy, etc.) and scan the QR code.

  8. Enter the 6-digit code from your app into the Verification Code field in Proxmox and click Add.

  9. CRITICAL: Click the Download button to save your one-time recovery keys. Store these in a secure password manager. Without them, you could be locked out of your account if you lose your phone.

Conclusion

That’s all there is to it! By creating a non-root user and enabling Two-Factor Authentication, you’ve significantly hardened your Proxmox server against common threats. These steps are some of the most important security improvements you can make for any server exposed to the internet.

What other Proxmox security tips do you rely on? Share your favorites in the comments below!

🔗 Useful Links 📺 EngineerHow YouTube Channel 

📢 About EngineerHow.com EngineerHow.com is dedicated to providing expert IT and engineering tutorials, helping professionals and enthusiasts set up servers, networks, and self-hosted solutions. Our guides focus on step-by-step instructions to make complex topics easy to understand. 🚀 Explore More IT Guides: EngineerHow.com

💬 Join the Discussion! Have questions about securing Proxmox or other Linux servers? Drop a comment below and let’s discuss!