Your first 30 minutes on a new VPS
What this is
The short list that turns a freshly provisioned VPS into a server you can trust, in roughly the order that pays off fastest. One thing to know before starting: our deploy and reinstall forms front-load several of these steps, SSH keys, login mode, even creating your user, so if you set them there, some steps below are already done. Each step notes both routes.
Minute 0: get in
ssh [email protected] with the password shown at deploy (or your key, if you set one on the form). First-time prompts and fallbacks are in Connecting to your VPS.
1. Update everything
The image is fresh, but the world moved since it was built:
apt update && apt upgrade -y # Debian/Ubuntu
dnf upgrade -y # AlmaLinux/Rocky
Reboot if a kernel update landed (reboot, it takes seconds now and gets awkward later). Then put security patches on autopilot, unattended-upgrades / dnf-automatic, the two-minute version is in Securing your VPS.
2. Create your everyday user
Working as root full-time means every typo runs with full power. Give yourself a normal account with sudo:
- The form way: the deploy and reinstall forms have a user section, name, password, its own SSH key and login mode, and the account is created with the OS.
- The manual way:
adduser deploy
usermod -aG sudo deploy # Debian/Ubuntu (RHEL-family: -aG wheel)
Log in as that user for daily work; sudo when you need power, root when you truly need root.
3. Switch to SSH keys, then close the password door
The single biggest security upgrade of the half hour:
- The form way: at deploy or reinstall, pick a saved key (or paste one, or import straight from GitHub/GitLab) and set the login mode to Login with SSH Key Only, done before the server even exists, and it keeps you clear of the port-22 brute-force firewall forever.
- The manual way: add your public key to
~/.ssh/authorized_keys, confirm key login works in a second terminal, then setPasswordAuthentication noin/etc/ssh/sshd_configand restart SSH. Generation and details: Securing your VPS, and save the key on the SSH Keys page so every future deploy is one click.
Either way, keep the root password stored safely, the browser Console still uses it, and it's your no-lockout guarantee.
4. Name and clock
Cosmetic, but done once and never again:
hostnamectl set-hostname myserver
timedatectl set-timezone UTC
(The hostname may already be what you typed at deploy. UTC is the sane server default, logs from every machine line up, and cron doesn't jump around with DST; set a local zone only if your applications genuinely need it.)
5. Add your own firewall layer
Your Linux VPS already sits behind our managed edge firewall for the riskiest app ports; add the general-purpose layer inside, allow before enable:
ufw allow 22/tcp
ufw default deny incoming
ufw enable
Open more only as you serve more (80/443 when the website arrives). The order matters, here's why.
6. Turn on backups today
The step everyone defers and someone always regrets: enable Nightly Backups ($5/month, tonight becomes your first restore point, included free on Premium), and once there's real data, add the off-site routine. Doing this before the server matters is what makes every future mistake boring.
Done. Where to next?
That's a patched, keyed, firewalled, backed-up server, from here it branches:
- Put something live: host a website, or pick a control panel if you want point-and-click.
- Bringing an existing setup? From shared hosting or from another server.
- The deeper hardening pass when you're ready: Securing your VPS and Securing publicly accessible services.
And if any step above fought back, paste the exact error into an AI chatbot, this checklist is territory they know cold.
Still need help?
You can open a support ticket. So we can help on the first reply, it's worth mentioning:
- the VPS hostname or IP,
- which step fought back, with the exact command and its output.
Related questions
- "What should I do first on a new VPS?"
- "How do I create a sudo user on my VPS?"
- "Should I disable root password login, and how?"
- "What timezone should my server use?"
- "How do I set up a firewall on a fresh VPS?"
- "Can I set up my SSH key and user before the VPS is created?"