How to Set Up a Linux VPS from Scratch

When your VPS is provisioned, you will receive an IP address, a root password or SSH key, and a port number. Connect using SSH: `ssh [email protected] -p 22`. On first login, immediately change the root password with `passwd` if you received a default one. This is a critical first step since default passwords are frequently targeted by automated scanners within minutes of a server going online. Next, update all system packages. On Debian/Ubuntu run `apt update && apt upgrade -y`. On AlmaLinux or CentOS use `dnf update -y`. Keeping packages current closes known vulnerabilities before you even begin configuring services. Set your server hostname with `hostnamectl set-hostname your-server-name` and update `/etc/hosts` to reflect it. Set your timezone with `timedatectl set-timezone UTC` - UTC is recommended for servers because log timestamps remain consistent regardless of daylight saving changes. Finally, verify NTP sync is active with `timedatectl status` to ensure time-sensitive operations like TLS certificates behave correctly.

Running everything as root is a serious security risk. Create a dedicated administrative user with `adduser adminuser`, then grant it sudo privileges with `usermod -aG sudo adminuser` on Debian/Ubuntu or `usermod -aG wheel adminuser` on RHEL-based systems. From this point forward, you should perform all administrative tasks via this user and sudo, not as root directly. Copy your SSH public key to the new user so you can log in without a password: `ssh-copy-id [email protected]`. If you are setting up SSH keys for the first time, generate them locally with `ssh-keygen -t ed25519 -C "your-label"`. The ed25519 algorithm is preferred over RSA for new keys due to its superior security and shorter key size. Test that you can log in as the new user and run `sudo whoami` before proceeding. Once confirmed, you can disable direct root SSH login as described in the security section. Locking root login is one of the most effective single steps to reduce automated attack surface on any public-facing server.

Install essential tools that you will need for almost every server task. On Debian/Ubuntu: `apt install -y curl wget git unzip htop vim ufw fail2ban`. These cover file transfer, version control, archive handling, process monitoring, text editing, the firewall frontend, and automated login protection. On RHEL-based systems use `dnf` in place of `apt`. Configure fail2ban with its default settings as a quick win. The default jail bans IPs that fail SSH login 5 times within 10 minutes for 10 minutes. Edit `/etc/fail2ban/jail.local` to increase the ban time to 3600 seconds for better protection. Restart with `systemctl restart fail2ban` and check status with `fail2ban-client status sshd`. Set up unattended security upgrades so critical patches apply automatically. On Ubuntu: `apt install unattended-upgrades && dpkg-reconfigure --priority=low unattended-upgrades`. This ensures your server stays patched even between maintenance windows. For production servers, configure email notifications so you are alerted when upgrades are applied or when a reboot is required.

Before declaring your VPS ready, run through a quick checklist. Confirm the firewall is active with `ufw status` and that only necessary ports are open. Check that SSH is listening on your configured port with `ss -tlnp | grep ssh`. Verify fail2ban is running and the SSH jail is active. Review `/var/log/auth.log` (or `/var/log/secure` on RHEL) to see if any unauthorized attempts have already been made. Run `systemctl list-units --failed` to see if any services failed to start during boot. Address any failures before adding more software. A clean systemd state means your baseline is solid. Check disk usage with `df -h` and memory with `free -m` to understand your resource headroom before deploying applications. From here, your next steps depend on your use case. Install Nginx or Apache if you are hosting web applications, configure Docker if you prefer containerized deployments, or set up a LAMP/LEMP stack for traditional PHP applications. An offshore VPS from Anubiz Host gives you full root access with no content restrictions, making it an ideal environment for this kind of custom configuration.