After acquiring a VPS from any provider, we typically gain shell access to the root user. At this point, our first steps should include installing essential libraries and implementing basic security measures before proceeding with any deployment tasks. These tasks are also relevant for other servers with freshly installed operating systems. I executed these commands on an Ubuntu 22.04 machine. However, there isn't a significant difference in the commands if the distribution varies. In most cases, merely switching the package manager will be sufficient. For instance, in the case of CentOS, you would use dnf/yum instead of
Update and Upgrade Packages
SSH into the server and update the package lists and upgrade the installed packages to their latest versions.
sudo apt update
sudo apt upgrade
Install Essential Packages
These packages are often necessary for server management and administration.
sudo apt install curl wget vim net-tools git
Set the correct timezone for the server. Using UTC as the system's timezone is a common practice for servers because it provides consistency and avoids potential issues with time discrepancies when dealing with multiple systems in different time zones.
sudo timedatectl set-timezone UTC
Secure SSH login
To enhance security, it is good to apply the following changes.
- Disallow root login.
- Configure public key authentication and disallow password-based login.
We need to create a user first.
sudo adduser <username>
After confirming the information, a new user account will be created on the Ubuntu system. The user will have its home directory located at /home/<username>, and the user can log in using the password we set during the creation process. Use another terminal and check the login of the new user. If the user can log in successfully, we will proceed to disabling root login and configuring public key authentication.
sudo vim /etc/ssh/sshd_config
Find and set
no and set
no. Save the file and exit the editor. Do not log out from the ssh session yet.
Open another terminal from the local machine and execute this command. This command will copy our public key to the authorized_keys file of the server. It will create directories if not already there. Use the new <username> we just created in the place of
cat ~/.ssh/id_rsa.pub | ssh USER@HOST "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
There is a chance that a newly created authorized_keys file or .ssh folder will not have the correct file permissions. To fix this, we need to issue the following command from the logged-in terminal of the server.
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
Now restart the ssh service.
sudo systemctl restart sshd
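An added example, not part of the original post: sshd uses the first value it obtains for each keyword, so a drop-in file pulled in by an Include line at the top of sshd_config can override the edit made above. The script below resolves the value that wins for PermitRootLogin and PasswordAuthentication, which are the OpenSSH keywords assumed here to correspond to the two changes listed earlier; the function names and the sample files are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Prints the value sshd would use for
# a keyword: the first value obtained wins, and Include lines are followed.
# Assumptions: parsing of a file stops at its first Match line, only the first
# pattern of an Include line is expanded, and relative Include paths are taken
# relative to the main file's directory.

_walk() {  # $1 file, $2 base dir for relative Include, $3 lower-cased keyword
    [ -r "$1" ] || return 0
    while read -r kw val rest; do
        case $(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]') in
            ''|'#'*) continue ;;
            match) break ;;
            include)
                case $val in /*) pat=$val ;; *) pat=$2/$val ;; esac
                for inc in $pat; do _walk "$inc" "$2" "$3"; done ;;
            "$3") printf '%s\n' "$val" | tr '[:upper:]' '[:lower:]' ;;
        esac
    done < "$1"
}

# effective_value FILE KEYWORD -> first value found, lower-cased (empty if unset)
effective_value() {
    _walk "$1" "$(dirname "$1")" "$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" |
        head -n 1
}

# check_login_hardening FILE -> returns 0 only if both keywords resolve to "no"
check_login_hardening() {
    rc=0
    for k in PermitRootLogin PasswordAuthentication; do
        v=$(effective_value "$1" "$k")
        # An unset keyword falls back to sshd's built-in default, which is not "no".
        [ "$v" = no ] || { echo "$k resolves to '${v:-default}', not 'no'"; rc=1; }
    done
    return "$rc"
}

# make_sample DIR: constructed sample in which a drop-in file (made-up name)
# turns passwords back on ahead of the edited main file.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-sample.conf"
    printf '%s\n' 'Include sshd_config.d/*.conf' '#PermitRootLogin yes' \
        'PermitRootLogin no' 'PasswordAuthentication no' > "$1/sshd_config"
}

# On a server: check_login_hardening /etc/ssh/sshd_config
```

On the server itself, `sudo sshd -T` prints the configuration sshd computes and is the authoritative check; `sudo sshd -t` validates the file syntax before a restart.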
By default, Ubuntu Server comes with the ufw (Uncomplicated Firewall) tool. If it is not installed, it can be installed with this command.
sudo apt install ufw
sudo ufw enable
Enable the firewall and allow necessary connections and ports. We will allow
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw reload
We can verify the ufw rules by the following command.
sudo ufw status
Our basic setup is finished. We can further secure our server by installing fail2ban and enabling automatic updates.