Congratulations on your new VPS! At Theory7, we provide powerful virtual private servers that give you full control. But with that freedom comes responsibility. In this guide, we will walk you through the essential first steps to configure your VPS safely and correctly.

What You Receive After Purchase

Once your VPS is created, you will receive an email with the following information:

  • IP address: The public IP of your server
  • Root password: Your initial administrator password
  • SSH port: Usually port 22 (or a custom port)
  • Operating system: The installed Linux distribution

Keep this information safe - you will need it for the first login. It is also advisable to store this information in a secure place, such as a password manager, so you always have access.

First Time Logging in via SSH

Open your terminal and connect to your VPS:

ssh root@your-ip-address

On the first connection, you will receive a warning about the server fingerprint. Type yes to proceed. Then enter your root password.

If you have a custom SSH port:

ssh root@your-ip-address -p portnumber

Step 1: Change Root Password

The first thing you should do is change the default password:

passwd

Choose a strong password of at least 16 characters with letters, numbers, and special characters. A strong password is crucial to prevent unauthorized access. Keep this password safe in a password manager.

Step 2: Update System

Immediately update all software to the latest versions:

For Debian/Ubuntu:

apt update && apt upgrade -y

For CentOS/AlmaLinux:

dnf update -y

This installs the latest security patches and improvements. It is important to regularly update your system to close security vulnerabilities.

Step 3: Create a New Sudo User

Do not always work as root - create a separate user with sudo rights:

adduser youruser
usermod -aG sudo youruser

Test if sudo works by logging in as the new user:

su - youruser
sudo apt update

If this works, you can now work as this user instead of root. This reduces the risk of unintended changes to your system.

Step 4: Secure SSH

Secure SSH by disabling root login and using an SSH key.

Generate SSH Key (on your local computer)

ssh-keygen -t ed25519 -C "your@email.com"

Follow the instructions to generate your SSH key. Make sure to choose a secure location to store your key.

Copy Public Key to Server

ssh-copy-id -i ~/.ssh/id_ed25519.pub youruser@server-ip

Edit SSH Configuration

Edit the SSH config on your server:

sudo nano /etc/ssh/sshd_config

Change the following lines:

  • PermitRootLogin no
  • PasswordAuthentication no
  • PubkeyAuthentication yes

Restart SSH:

sudo systemctl restart sshd

First, test if you can still log in before closing your current session. This prevents you from locking yourself out.

Step 5: Configure Firewall

Install and configure UFW firewall:

sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

This blocks all incoming connections except SSH and web traffic. It is a good practice to regularly check your firewall and adjust it to your needs.

Step 6: Install Fail2ban

Fail2ban protects against brute force attacks:

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

The default configuration automatically protects SSH against repeated login attempts. You can further customize the configuration to add specific rules that fit your situation.

Step 7: Enable Automatic Updates

Configure automatic security updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Select Yes to enable automatic updates. This ensures that your system is always up-to-date without manual intervention.

Next Steps

Now that your VPS is securely set up, you can proceed with:

  1. Installing a control panel - DirectAdmin or Plesk for easy management
  2. Configuring a web server - Apache, Nginx, or LiteSpeed
  3. SSL certificates - Lets Encrypt for free HTTPS
  4. Setting up monitoring - Keep an eye on resources with tools like Nagios or Zabbix

Common Issues

Cannot log in after SSH change

Use the console access in your hosting panel to restore SSH configuration. This can help you quickly regain access to your server.

Firewall blocks access

Log in via console and temporarily disable UFW: sudo ufw disable. Make sure to re-enable the firewall after resolving the issue.

Updates give errors

Check your internet connection and DNS: ping google.com. This can help identify network issues that may be blocking updates.

More information about VPS servers at Theory7

Need Help?

We are here for you! Are you facing any issues or do you have questions? Our support team is happy to assist you personally. Send us a message via the ticket system - we usually respond within a few hours and are happy to help.