Setting up a Virtual Private Server for the first time can feel intimidating. You have root access to a Linux machine, a blinking terminal cursor, and the entire internet telling you different things. This guide cuts through the noise and walks you through every step, from your first SSH connection to a fully secured, production-ready server.
By the end of this tutorial, you will have a VPS running Ubuntu 24.04 LTS with SSH key authentication, a firewall, automatic security updates, and a basic web server. No prior Linux experience required.
What You Need Before You Start
Before we begin, make sure you have the following:
- A VPS running Ubuntu 24.04 LTS (or any recent Debian-based distribution). Most providers, including MassiveGRID, let you select your OS during provisioning.
- Your server's IP address and root password (provided in your welcome email or control panel).
- A terminal application: Terminal on macOS/Linux, or Windows Terminal with OpenSSH (built into Windows 10+).
Step 1: Connect to Your VPS via SSH
SSH (Secure Shell) is the standard way to remotely manage Linux servers. Open your terminal and run:
ssh root@YOUR_SERVER_IPReplace YOUR_SERVER_IP with the actual IP address of your VPS. The first time you connect, you will see a fingerprint confirmation prompt. Type yes and press Enter. Then enter the root password provided by your hosting provider.
If you are on Windows and prefer a graphical interface, you can use PuTTY, but the built-in Windows Terminal with OpenSSH works just as well and does not require any extra software.
Step 2: Update Your System
The first thing you should do on any fresh server is update all packages to their latest versions. This patches known security vulnerabilities and ensures compatibility:
apt update && apt upgrade -yThis command fetches the latest package lists (apt update) and then upgrades all installed packages (apt upgrade -y). The -y flag automatically confirms the upgrade. On a fresh server, this typically takes one to two minutes.
Step 3: Create a Non-Root User
Running everything as root is a security risk. If an attacker compromises your session, they have unrestricted access to your entire system. Create a regular user and grant it administrative privileges:
# Create a new user (replace 'deploy' with your preferred username)
adduser deploy
# Add the user to the sudo group
usermod -aG sudo deployThe adduser command will prompt you to set a password and fill in optional profile information. Remember this password; you will need it when running sudo commands.
Step 4: Set Up SSH Key Authentication
Password-based SSH login is vulnerable to brute-force attacks. SSH keys are both more secure and more convenient. Here is how to set them up:
Generate a Key Pair (On Your Local Machine)
If you do not already have an SSH key, generate one on your local computer (not the server):
ssh-keygen -t ed25519 -C "your_email@example.com"Press Enter to accept the default file location. Optionally set a passphrase for an extra layer of security. This creates two files: a private key (~/.ssh/id_ed25519) and a public key (~/.ssh/id_ed25519.pub).
Copy the Public Key to Your Server
ssh-copy-id deploy@YOUR_SERVER_IPThis command copies your public key to the server's ~/.ssh/authorized_keys file. You will be prompted for the password you set in Step 3. After this, you can log in without a password:
ssh deploy@YOUR_SERVER_IPStep 5: Disable Root Login and Password Authentication
Now that you can log in with your SSH key as a non-root user, lock down the SSH configuration:
sudo nano /etc/ssh/sshd_configFind and modify these lines (or add them if they do not exist):
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yesSave the file (Ctrl+O, then Enter, then Ctrl+X) and restart SSH:
sudo systemctl restart sshdImportant: Before closing your current session, open a new terminal window and verify you can still log in with
ssh deploy@YOUR_SERVER_IP. If you lock yourself out, you will need to use your provider's console access to fix the configuration.
Step 6: Configure the Firewall with UFW
UFW (Uncomplicated Firewall) is the simplest way to manage iptables rules on Ubuntu. Enable it and allow only the traffic you need:
# Allow SSH connections (critical - do this before enabling!)
sudo ufw allow OpenSSH
# Allow HTTP and HTTPS for web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable the firewall
sudo ufw enable
# Verify the rules
sudo ufw status verboseYou should see output confirming that ports 22, 80, and 443 are allowed, with all other incoming traffic denied by default. This alone blocks the vast majority of automated attacks targeting random ports.
Step 7: Enable Automatic Security Updates
Unpatched software is one of the most common attack vectors. Configure your server to automatically install security updates:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgradesSelect "Yes" when prompted. This enables automatic installation of security patches. Your server will check for updates daily and apply critical fixes without manual intervention.
Step 8: Install a Web Server
Most people set up a VPS to host websites or web applications. Nginx is the most popular choice for its performance and low memory footprint:
sudo apt install nginx -y
# Start Nginx and enable it on boot
sudo systemctl start nginx
sudo systemctl enable nginxOpen your browser and navigate to http://YOUR_SERVER_IP. You should see the default Nginx welcome page. Your web server is running.
Optional: Install Additional Software
Depending on your use case, you may also want to install:
- PHP and MySQL/MariaDB for WordPress and other CMS platforms
- Node.js for JavaScript applications
- Docker for containerized deployments
- Certbot for free SSL certificates from Let's Encrypt
Step 9: Set Up SSL with Let's Encrypt
Once you have pointed a domain name to your server's IP address (via an A record in your DNS settings), you can install a free SSL certificate:
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.comCertbot will automatically configure Nginx to use HTTPS and set up certificate auto-renewal. You can verify the renewal process works by running:
sudo certbot renew --dry-runStep 10: Set Up Basic Monitoring
Knowing what is happening on your server is crucial. Here are some quick commands to check system health:
# Check disk usage
df -h
# Check memory usage
free -m
# Check running processes
htop # (install with: sudo apt install htop)
# Check system logs
sudo journalctl -xe --no-pager | tail -50For more robust monitoring, consider setting up a tool like Netdata, which provides a real-time web dashboard for CPU, memory, disk, and network metrics with zero configuration.
Quick Reference: Essential Commands
| Task | Command |
|---|---|
| Update packages | sudo apt update && sudo apt upgrade -y |
| Restart a service | sudo systemctl restart nginx |
| Check service status | sudo systemctl status nginx |
| View firewall rules | sudo ufw status |
| Check disk space | df -h |
| Check memory | free -m |
| View recent logs | sudo journalctl -xe |
| Reboot the server | sudo reboot |
Common Mistakes to Avoid
- Running everything as root. Always use a regular user with
sudofor administrative tasks. - Forgetting to allow SSH before enabling UFW. This will lock you out of your own server.
- Not setting up SSH keys. Password authentication leaves your server vulnerable to brute-force attacks. Fail2ban can help, but SSH keys are the real solution.
- Ignoring updates. Even with unattended-upgrades, periodically log in and run a full upgrade to catch non-security package updates.
- Not testing configuration changes. Always keep an active SSH session open when modifying SSH or firewall settings, so you have a fallback if something goes wrong.
Choosing the Right VPS Specs
How much power you need depends entirely on your use case:
| Use Case | vCPU | RAM | Storage |
|---|---|---|---|
| Personal blog or portfolio | 1 | 1 GB | 25 GB SSD |
| Small business website | 2 | 2 GB | 50 GB SSD |
| Web app (Node.js, Django, Rails) | 2 | 4 GB | 80 GB SSD |
| Multiple sites or staging environments | 4 | 8 GB | 160 GB SSD |
The advantage of a cloud VPS is that you can start small and scale up as your needs grow, without migrating to a new server.
Get Started with Your First VPS
If you are ready to put this guide into practice, MassiveGRID's Cloud VPS plans start at $1.99/month with data centers in New York, London, Frankfurt, and Singapore. Every VPS runs on Proxmox HA clusters with Ceph distributed storage, which means your data is replicated across multiple physical drives and your server automatically fails over to healthy hardware if anything goes wrong. It is the kind of reliability you usually only find at much higher price points. Choose your region, pick your specs, and you can be SSH-ing into your new server within minutes.