lilJ/self-host-101
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
82a345126734d7c4d911e1cf41898e4fc5c364fb
self-host-101/setup-vps.md
Kulvir Singh d427122222 setup a new VPS
2025-10-15 01:43:32 +05:30

86 lines
2.7 KiB
Markdown
Raw Blame History

# First steps on a new VPS
1. SSH into your server
```bash
ssh root@192.168.1.1
```
2. Update packages
```bash
apt update && apt upgrade
```
`apt update` will fetch the changes from package repository but wouldn't update them. `apt upgrade` will actually update the packages.
3. Change the root password from the password provided in the dashboard of VPS.
```bash
passwd
```
4. Create non root user. Always follow least priviliged permissions principle.
```bash
adduser <name>
```
It will ask few questions answer them and it will create a new user.
5. `adduser` created a normal user without elevated permissions. This user cannot perform priviliged operations.
We can add them to **super user (sudo)** group so that it can perform priviliged operations using `sudo`.
```bash
usermod -aG sudo <name>
```
6. Logout from root user and ssh again to newly created user. You should never login to root user (wise ppl said so).
```bash
ssh <name>@192.168.1.1
```
# Secure the VPS
## Get a domain for the VPS
Get a Domain from wherever and set `A Record` to the server's IP address. It might take some time to update the A record for you Domain.
Now you can directly access VPS using domain name and don't have to remember IP address.
You can test if `A Record` has been updated for your domain or not using the following command.
```bash
dig domain-name.com A
```
## Setup SSH keys
Generate SSH key pair to login to VPS.
```bash
ssh-keygen -t ed25519
```
After generating keys, copy the `public` key to VPS and add it to `~/.ssh/authorized_keys` file.
```bash
ssh-copy-id -i ~/.ssh/vps_key.pub <user-name>@<domain-name>
```
Running the above command might prompt you for the password for you account on VPS.
This command will automatically setup the `public` key inside `authorized_keys` file of the specified user.
Password-less authentication is setup.
## Disable password authentication
Set the following items in your ssh config located usually at `/etc/ssh/sshd_config` to make it more secure.
```text
PermitRootLogin no # Disable login to Root account
PubKeyAuthentication yes # Authentication using public keys
PasswordAuthentication no # Disable password authentication to secure from bot attacks
```
Your VPS might contain a file named `/etc/ssh/sshd_config.d/50-cloudimg-settings.conf` where `PasswordAuthentication` is set to yes. Either delete that file or just set it to no.
After all these changes restart the `ssh daemon`
```bash
sudo service ssh restart
```
## Firewall
Setup firewall rules from the dashboard of your VPS or you can use **uncomplicated firewall (ufw)** and setup `Inbound` rule to only following ports:
```text
SSH: 22
HTTP: 80
HTTPS: 443
```
**Do not expose any port other than the above unless needed.**
Reference in New Issue View Git Blame Copy Permalink