Checklist: Bought a VPS — What’s Next?
Published on 2025-09-22
Getting a new VPS is just the beginning. By default, the server is insecure and not ready for production use. This checklist will help you step by step to prepare your VPS: close security holes, enable updates, and configure the basic infrastructure.
1. First login and changing the root password
Connect to the server via SSH:
ssh root@YOUR_IP_ADDRESS
Change the temporary password to your own unique and complex one:
passwd
2. Create a new user with sudo
Working as root all the time is dangerous. Let’s create a regular user:
adduser username
usermod -aG sudo username
3. Setting up SSH keys
Passwords can be brute-forced, keys — almost never. Generate keys on your local machine:
ssh-keygen -t ed25519
Copy the public key to the server:
ssh-copy-id username@YOUR_IP_ADDRESS
Test the login as the new user. Then, on the server, set the correct permissions on that user's key files:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
4. SSH hardening: disable unnecessary options
Open the config:
sudo nano /etc/ssh/sshd_config
Change or add the following lines:
PermitRootLogin no
PasswordAuthentication no
Port 2222
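⚠️ Don’t forget to allow the new port in the firewall, otherwise you’ll lose access. Keep your current session open and confirm from a second terminal that key-based login on the new port works before you close it.
Restart SSH (on CentOS/RHEL the service is named sshd instead of ssh):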
sudo systemctl restart ssh
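sshd keeps the first value it reads for each keyword, so a drop-in under /etc/ssh/sshd_config.d/ (included near the top of the stock Debian/Ubuntu config) can silently override the lines edited above. The following is an added example, not part of the original checklist: it audits the effective settings printed by `sshd -T`; the function name `audit_sshd` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the effective sshd settings with this checklist's values.

# stdin: output of `sshd -T` (lowercase "keyword value" lines); $1: expected port.
# Prints one line per check and returns 1 if anything differs.
audit_sshd() {
  awk -v port="${1:-2222}" '
    BEGIN {
      bad = 0
      want["permitrootlogin"] = "no"
      want["passwordauthentication"] = "no"
    }
    ($1 in want) { got[$1] = $2 }
    $1 == "port" { ports = ports (ports == "" ? "" : ",") $2 }
    END {
      for (k in want) {
        if (got[k] == want[k]) print "OK   " k " " got[k]
        else { print "FAIL " k " is \"" got[k] "\", want " want[k]; bad = 1 }
      }
      # every listening port must be the expected one (catches a leftover 22)
      if (ports == port) print "OK   port " ports
      else { print "FAIL port is \"" ports "\", want " port; bad = 1 }
      exit bad
    }'
}

# Constructed sample: effective config when a drop-in sets
# PasswordAuthentication yes ahead of the main file.
SAMPLE_OVERRIDDEN='port 2222
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'

# Real use on the server: sudo sshd -t && sudo sshd -T | audit_sshd 2222
printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd 2222 || echo "sshd settings need attention"
```

`sshd -t` only validates syntax; the audit of `sshd -T` is what shows which value actually won.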
5. Update the system
For Debian/Ubuntu:
sudo apt update && sudo apt upgrade -y
sudo apt autoremove -y
For CentOS/RHEL:
sudo dnf update -y
On Debian/Ubuntu, it’s recommended to enable automatic security updates:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
6. Basic firewall
UFW lets you block all incoming traffic except what you explicitly allow. Port 2222 here is the SSH port set in step 4:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
7. Fail2Ban against brute-force
Install and enable:
sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban
Make a copy of the config:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
In jail.local you can configure bantime and maxretry.
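The [sshd] section that jail.local inherits from jail.conf uses `port = ssh`, which means port 22, so after the move to 2222 in step 4 the jail's port setting no longer matches the port sshd listens on. This added example (not from the original article; the function names and the sample file are constructed) reads the jail's port from the file and compares it with the expected one.

```shell
#!/bin/sh
# Added example: check that the [sshd] jail in jail.local covers the port
# sshd listens on (2222 in this checklist).

# Print the last "port = ..." value set inside section [$2] of ini file $1.
jail_port() {
  awk -v sect="[$2]" '
    /^[ \t]*[#;]/ { next }                       # comment lines
    /^[ \t]*\[/   { s = $0; gsub(/[ \t]/, "", s); in_sect = (s == sect); next }
    in_sect && /^[ \t]*port[ \t]*=/ {
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v
    }
    END { print val }' "$1"
}

# Return 0 if the jail's comma-separated port list contains the expected port.
jail_covers_port() {   # $1 = jail file, $2 = expected port
  ports=$(jail_port "$1" sshd | tr -d ' ')
  case ",$ports," in
    *",$2,"*) echo "OK   [sshd] port = $ports"; return 0 ;;
    *) echo "FAIL [sshd] port = '$ports', sshd listens on $2"; return 1 ;;
  esac
}

# Constructed sample: an [sshd] section left as copied from jail.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
bantime  = 10m
maxretry = 5

[sshd]
port    = ssh
logpath = %(sshd_log)s
EOF

# Real use on the server: jail_covers_port /etc/fail2ban/jail.local 2222
jail_covers_port "$sample" 2222 || echo "set 'port = 2222' under [sshd] in jail.local"
```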
8. Timezone and NTP
Correct time = correct logs and cron jobs.
timedatectl list-timezones
sudo timedatectl set-timezone Europe/Moscow
timedatectl status
9. Clean up unnecessary stuff
Check which ports the server is listening on:
ss -tuln
See enabled services:
sudo systemctl list-unit-files --state=enabled
Remove everything that’s not needed.
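One way to turn the `ss -tuln` listing into a to-do list, as an added example that is not part of the original checklist: print every listener bound to a non-loopback address whose port is not among those opened in step 6. The function name `unexpected_listeners` and the sample listing are constructed.

```shell
#!/bin/sh
# Added example: list listeners from `ss -tuln` that are bound to a
# non-loopback address and are not among the ports opened in UFW (2222, 80, 443).

# stdin: `ss -tuln` output; $1: space-separated allowed ports.
unexpected_listeners() {
  awk -v allowed=" $1 " '
    $1 == "Netid" { next }                      # header line
    NF < 5        { next }                      # blank or malformed line
    {
      la = $5                                   # Local Address:Port column
      n = split(la, part, ":")
      port = part[n]                            # text after the last colon
      addr = substr(la, 1, length(la) - length(port) - 1)
      sub(/%.*/, "", addr)                      # drop scope suffix: 127.0.0.53%lo
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only listener
      if (index(allowed, " " port " ") == 0) print $1 "/" port " on " addr
    }'
}

# Constructed sample listing (not taken from a real server).
SS_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:3306       0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:6379     0.0.0.0:*
tcp   LISTEN 0      128    [::]:2222          [::]:*'

# Real use on the server: ss -tuln | unexpected_listeners "2222 80 443"
printf '%s\n' "$SS_SAMPLE" | unexpected_listeners "2222 80 443"
```

Anything it prints is a service that only the firewall keeps off the network: either stop it, or rebind it to 127.0.0.1 if only local applications need it.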
10. Backups
Backups are more important than any configuration. Minimum option:
rsync -a /important/data user@backup:/backups/server-name/
More reliable tools: BorgBackup, Restic, Duplicity. Best practice — store backups on another server or in the cloud. Periodically check that recovery actually works.
Conclusion
Now your VPS is protected against basic attacks, runs with up-to-date packages, and is ready for application deployment. Next steps — set up monitoring, containerization (Docker, Podman), and CI/CD, but the basic foundation is already in place.