CloudLinux.ro
Guides

First steps after buying a VPS: secure it in 10 minutes

Updated 7/18/2026

A server exposed to the internet starts receiving automated login attempts within the first hour. The good news: a few minutes of configuration removes almost every common risk. Run the steps below as root, right after your first connection.

1. Update the system

apt-get update -y && apt-get upgrade -y

2. Create a dedicated user

Do not work as root permanently. Create an account with admin rights:

adduser deploy
usermod -aG sudo deploy

3. Key-based SSH, no passwords

Add your public key for the new user and disable password authentication:

sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
systemctl restart ssh || systemctl restart sshd

Make sure you added the key before running this, otherwise you lock yourself out.

4. Enable a firewall

apt-get install -y ufw
ufw allow OpenSSH
ufw --force enable

5. Install fail2ban

Automatically bans addresses that try to guess the password:

apt-get install -y fail2ban
systemctl enable --now fail2ban

That is it. In ten minutes you have an updated server, key-only access, an active firewall and brute-force protection. If you want to automate these steps on every new server, save them as a recipe in your account.

Put this guide into practice on your own VPS

EU cloud servers, billed hourly, ready in minutes, with one-click installs for dozens of apps.

See pricing

Related tutorials