After ordering your VPS, it's important to take a few extra steps to secure and prepare your server for use.
This guide walks you through some essential tasks you should complete after your VPS is made available to use.
This guide assumes you are using Debian or Ubuntu, however the commands are mostly similar across all Linux Distributions.
VPS Installs rely on OS Templates and depending on the OS that you've chosen at install time, the templates could be very old. Therefore, they are likely to contain some vulnerabilities that can be easily patched. Simply run an OS Update.
For Debian and Ubuntu: sudo apt update && sudo apt upgrade -y
If you are logged in as root and get a message saying that the 'sudo' command cannot be found, simply omit 'sudo' from the command and run apt update.
We have international clients, and therefore, it's impossible for us to ensure that OS Templates always have the correct timezone. Most of the time they are set to Europe/London.
You can update your timezone by running sudo timedatectl set-timezone Europe/London. In this case, we're setting it to Europe/London, but if you want to find a list of timezones available to set, you can run timedatectl list-timezones
Using the root account for everything is often discouraged due to the risk that comes with it. A root account can make any system changes and there's no going back. Therefore, it's advised to instead create a named account with sudo privileges, so you can elevate your account as and when you need to.
Create a new user: adduser yourusername
Give the new user sudo privileges: usermod -aG sudo yourusername
We recommend doing the following to help secure SSH:
Edit the SSH config file to make these changes by running sudo nano /etc/ssh/sshd_config
Uncomment PermitRootLogin no to disallow the root user to login to your VPS over SSH.
UFW (Uncomplicated Firewall) is a fairly easy package to use and maintain.
Install UFW: sudo apt install ufw
Set Default Deny Rule for inbound traffic: sudo ufw default deny incoming
Set Default Allow Rule for Outbound traffic: sudo ufw default allow outgoing
Allow SSH Access: sudo ufw allow ssh (if you are using a custom port then change this to sudo ufw allow x/tcp , replacing 'x' with your port number)
Enable the Firewall: sudo ufw enable
The above configuration is very basic. In production environments we'd recommend restricting inbound SSH connections from a trusted IP Address.
Our VPS Platform will automatically assign the hostname based on the name that you picked during checkout. However, you can change it using this command: sudo hostnamectl set-hostname yournewhostname
We recommend installing unattended-upgrades on your VPS, which will automatically install security updates.
Install Unattended Upgrades: sudo apt install unattended-upgrades
Configure Unattended Upgrades: sudo dpkg-reconfigure --priority=low unattended-upgrades
You will be presented with a screen that asks you to confirm the types of updates you want to install automatically.
If you have a Managed VPS, please contact our Support Team if you would like us to configure any of this for you.
