You just deployed a VPS. You have root access and a fresh Ubuntu installation. Here's exactly what to do in the first 30 minutes.
Step 1: Update Everything (2 minutes)
apt update && apt upgrade -y
Fresh installations often have pending security patches. Update immediately.
Step 2: Create a Non-Root User (3 minutes)
Never run services as root. Create a regular user:
adduser yourusername
usermod -aG sudo yourusername
Test the new user:
su - yourusername
sudo whoami # Should output "root"
Step 3: SSH Key Authentication (5 minutes)
On Your Local Machine
ssh-keygen -t ed25519 -C "your-email@example.com"
ssh-copy-id yourusername@your-vps-ip
On the VPS
sudo nano /etc/ssh/sshd_config
Change these settings:
| Setting | Change To | Why |
|---------|----------|-----|
| PermitRootLogin | no | Block direct root SSH |
| PasswordAuthentication | no | Key-only access |
| PubkeyAuthentication | yes | Enable key auth |
| Port | 2222 (optional) | Avoid port scanners |
Restart SSH:
sudo systemctl restart sshd
Important: Test the new SSH config in a separate terminal before closing your current session.
Step 4: Firewall Setup (3 minutes)
sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp # SSH (or 22 if you kept default)
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
sudo ufw enable
Verify:
sudo ufw status
Step 5: Fail2Ban (3 minutes)
Protect against brute force attacks:
sudo apt install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
Key settings:
| Setting | Value | Purpose |
|---------|-------|---------|
| bantime | 3600 | Ban for 1 hour |
| findtime | 600 | Within 10-minute window |
| maxretry | 3 | After 3 failed attempts |
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Step 6: Essential Software (5 minutes)
sudo apt install -y curl wget git htop unzip nano vim software-properties-common apt-transport-https
Step 7: Timezone and Locale (1 minute)
sudo timedatectl set-timezone Europe/Amsterdam
Verify:
timedatectl
Step 8: Automatic Security Updates (2 minutes)
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
Select "Yes" to enable automatic security updates.
Step 9: Swap Space (For Low-RAM VPS)
If your VPS has 1-2GB RAM, add swap:
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
Post-Setup Checklist
| Task | Status | |------|--------| | OS updated | Done | | Non-root user created | Done | | SSH key auth configured | Done | | Root login disabled | Done | | Firewall enabled | Done | | Fail2ban running | Done | | Essential tools installed | Done | | Timezone set | Done | | Auto-updates enabled | Done | | Swap configured (if needed) | Done |
Your VPS is now secure and ready for whatever application you want to deploy.
Space-Node's VPS hosting deploys with a fresh Ubuntu or Debian installation. NVMe SSD storage means these initial setup commands run fast, and the KVM virtualization gives you a real dedicated kernel for full control.
