lilJ/self-host-101
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
50e2bc819691064953ffc01a7b83fbc46f7a2d59
self-host-101/setup-vps.md
Kulvir Singh d427122222 setup a new VPS
2025-10-15 01:43:32 +05:30

2.7 KiB
Raw Blame History

First steps on a new VPS

  1. SSH into your server
ssh root@192.168.1.1
  1. Update packages
apt update && apt upgrade

apt update will fetch the changes from package repository but wouldn't update them. apt upgrade will actually update the packages.

  1. Change the root password from the password provided in the dashboard of VPS.
passwd
  1. Create non root user. Always follow least priviliged permissions principle.
adduser <name>

It will ask few questions answer them and it will create a new user.

  1. adduser created a normal user without elevated permissions. This user cannot perform priviliged operations. We can add them to super user (sudo) group so that it can perform priviliged operations using sudo.
usermod -aG sudo <name>
  1. Logout from root user and ssh again to newly created user. You should never login to root user (wise ppl said so).
ssh <name>@192.168.1.1

Secure the VPS

Get a domain for the VPS

Get a Domain from wherever and set A Record to the server's IP address. It might take some time to update the A record for you Domain. Now you can directly access VPS using domain name and don't have to remember IP address. You can test if A Record has been updated for your domain or not using the following command.

dig domain-name.com A

Setup SSH keys

Generate SSH key pair to login to VPS.

ssh-keygen -t ed25519

After generating keys, copy the public key to VPS and add it to ~/.ssh/authorized_keys file.

ssh-copy-id -i ~/.ssh/vps_key.pub <user-name>@<domain-name>

Running the above command might prompt you for the password for you account on VPS. This command will automatically setup the public key inside authorized_keys file of the specified user. Password-less authentication is setup.

Disable password authentication

Set the following items in your ssh config located usually at /etc/ssh/sshd_config to make it more secure.

PermitRootLogin no          # Disable login to Root account

PubKeyAuthentication yes    # Authentication using public keys

PasswordAuthentication no   # Disable password authentication to secure from bot attacks

Your VPS might contain a file named /etc/ssh/sshd_config.d/50-cloudimg-settings.conf where PasswordAuthentication is set to yes. Either delete that file or just set it to no.

After all these changes restart the ssh daemon

sudo service ssh restart

Firewall

Setup firewall rules from the dashboard of your VPS or you can use uncomplicated firewall (ufw) and setup Inbound rule to only following ports:

SSH: 22
HTTP: 80
HTTPS: 443

Do not expose any port other than the above unless needed.