self-host-101/setup-vps.md
2025-11-02 12:42:41 +05:30

First Steps on a New VPS

1: Connect to Your Server

Open a terminal and run the following command, using the IP address of your VPS.

ssh root@192.168.1.1

When prompted for a password, enter it and you will be logged in to your VPS.

2: Update Your Server

apt update && apt upgrade
  • apt update - Downloads a list of available updates (doesn't install them yet)
  • apt upgrade - Actually installs the updates

3: Change the Root Password

You might want to change the root password to something more secure than the password from the VPS provider's dashboard.

passwd

Enter the new password and you are good to go.

4: Create a New User (Don't Use Root!)

The root user has permission to perform any operation. This could be a security risk. Therefore it is always recommended to create a normal user for daily usage.

adduser new_user

The user we just created cannot perform privileged operations. We'll add it to the sudo group, which lets its members run commands as a privileged user using sudo.

usermod -aG sudo new_user 
  • sudo stands for super user do

5: Switch to Your New User

Now log out and log back in as your new user instead of root.

ssh new_user@192.168.1.1

Use the password of new_user that you set while creating it. From now on, we'll use this user instead of root!


Secure Your VPS

Now that your server is set up, let's make it much more secure. We'll:

  1. Set up a domain name
  2. Use SSH keys instead of passwords
  3. Disable password login
  4. Set up a firewall

Get a Domain Name for Your VPS

Buy a domain from any registrar (Namecheap, Google Domains, Cloudflare, etc.)

In your domain's DNS settings, create an A Record:

  • Name: @ (or leave blank for root domain)
  • Value: Your server's IP address (like 192.168.1.1)
  • TTL: Leave default

Wait a few minutes for DNS to update.

Test if it's working

dig domain.com A

You should see your IP address in the output. If not, wait a bit longer - DNS changes take time to propagate.

You can access your server using ssh new_user@domain.com. It's a lot more convenient.

Set Up SSH Keys (Passwordless Login)

  1. Generate an SSH key pair on your computer:
ssh-keygen -t ed25519 -f ~/.ssh/id_vps -N ""

This creates two files:

  • ~/.ssh/id_vps - private key. Keep this secret! Never share it! (-N "" leaves it without a passphrase, so anyone who can read this file can use it.)
  • ~/.ssh/id_vps.pub - public key, safe to share
  2. Copy your public key to the server:
ssh-copy-id -i ~/.ssh/id_vps.pub new_user@yourdomain.com

ssh-copy-id adds your public key to the server's ~/.ssh/authorized_keys file, so your computer can log in without a password. Because the key has a non-default file name, point ssh at it with the -i option when you connect.

Disable Password Authentication

Now that passwordless login works, disable password authentication entirely. This prevents bots from trying to guess your password.

WARN: Make sure SSH login works first! If you disable passwords and your key doesn't work, you'll be locked out.

On your server, edit the SSH configuration

sudo vim /etc/ssh/sshd_config

Make sure you have the following settings in your SSH config. Keep each comment on its own line, because some OpenSSH versions reject text after a value.

# Prevents logging in as root
PermitRootLogin no
# Allows SSH key authentication
PubkeyAuthentication yes
# Disables password login
PasswordAuthentication no

Some VPS providers have an additional config file. Check if this file exists

sudo cat /etc/ssh/sshd_config.d/50-cloudimg-settings.conf

If it exists and has PasswordAuthentication yes, change it to no or just delete this file.

sudo rm /etc/ssh/sshd_config.d/50-cloudimg-settings.conf

After making all these changes, restart SSH

sudo service ssh restart
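
A check worth running before the restart above, shown as an added example that is not part of the original guide: sshd -T prints the effective configuration (drop-in files included), and the function below compares it with the three settings from this section. The function name and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. On the server you would run:
#   sudo sshd -T | check_sshd_hardening && sudo service ssh restart
# Input format (sshd -T): one "keyword value" pair per line, keyword lowercase.

# Constructed sample: main config was edited, but a drop-in file such as
# 50-cloudimg-settings.conf still sets PasswordAuthentication yes and wins.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

# Constructed sample: all three settings from this guide are in effect.
SAMPLE_HARDENED='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# Reads effective config on stdin, prints one line per setting,
# and returns 0 only if every setting has the wanted value.
check_sshd_hardening() {
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["pubkeyauthentication"] = "yes"
            want["passwordauthentication"] = "no"
        }
        { key = tolower($1); if (key in want) got[key] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in got)) {
                    printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
                } else if (got[k] != want[k]) {
                    printf "FAIL    %s is %s (want %s)\n", k, got[k], want[k]; bad = 1
                } else {
                    printf "OK      %s %s\n", k, got[k]
                }
            }
            exit bad
        }'
}

# Demo on the constructed sample where the drop-in file overrides the edit.
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_hardening || echo "Do not restart SSH yet."
```

Keep your current SSH session open while you test a new login from a second terminal, so a failed check or a broken key does not lock you out.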

Set Up a Firewall

A firewall monitors and controls incoming and outgoing network traffic based on predefined security rules. To protect against unauthorized access and potential threats, you should block incoming traffic on all ports except:

  • 22: SSH
  • 80: HTTP
  • 443: HTTPS

NOTE: Don't expose any other port unless you know what you're doing. Each open port is a potential entry point for attackers.

To achieve this, go to the dashboard of your VPS provider and allow inbound traffic on ports 22, 80, and 443 only. Leave outbound connections open on all ports; you can restrict outbound connections too if needed.