Why Initial Setup Matters
Spinning up a fresh Ubuntu VPS and leaving it at default settings is like moving into a new house and leaving every door unlocked. Before you deploy any application, you should harden the basics: create a non-root user, configure SSH key authentication, enable a firewall, and keep packages up to date. This guide walks you through every step on Ubuntu 22.04 LTS (the same steps apply to 24.04).
Step 1: Log In as Root
Your hosting provider will email you a root password or let you inject an SSH key during provisioning. Connect via:
ssh root@YOUR_SERVER_IP
Accept the host fingerprint when prompted. You're now inside the server.
Step 2: Update All Packages
Before doing anything else, pull in all security and stability updates:
apt update && apt upgrade -y
Reboot if a kernel update was applied: reboot
Step 3: Create a Non-Root User
Running everything as root is dangerous. One mistyped command can wipe the server. Create a regular user and give it sudo privileges:
adduser deploy
usermod -aG sudo deploy
Replace deploy with your preferred username.
Step 4: Set Up SSH Key Authentication
Password-based SSH logins are a brute-force target. Switch to key-based auth instead.
- On your local machine, generate a key pair if you don't have one:
ssh-keygen -t ed25519
- Copy the public key to the server:
ssh-copy-id deploy@YOUR_SERVER_IP
- Test the key login before continuing:
ssh deploy@YOUR_SERVER_IP
Step 5: Disable Root Login and Password Authentication
Edit the SSH daemon config:
sudo nano /etc/ssh/sshd_config
Set these values:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Restart SSH: sudo systemctl restart ssh
Warning: Keep your current session open while testing a new SSH connection to avoid locking yourself out.
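To confirm that the three settings from Step 5 are the ones sshd actually applies, you can audit the effective configuration rather than the file you edited. This script is an added example, not part of the original guide; the helper names check_sshd_effective and audit_live and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the settings sshd will actually use after Step 5.
# sshd keeps the first value it reads for each keyword, and Ubuntu's
# sshd_config includes /etc/ssh/sshd_config.d/*.conf near the top, so a
# drop-in file there can override what you set in the main file.

# Expected values from Step 5, lowercase as `sshd -T` prints them.
EXPECTED="permitrootlogin=no passwordauthentication=no pubkeyauthentication=yes"

# check_sshd_effective (hypothetical helper): reads `sshd -T` style output
# on stdin, prints one line per setting, returns 0 only if all match.
# The body is a subshell so its variables do not leak into the caller.
check_sshd_effective() (
  dump=$(cat)
  rc=0
  for pair in $EXPECTED; do
    key=${pair%%=*}
    want=${pair#*=}
    got=$(printf '%s\n' "$dump" |
      awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
    if [ "$got" = "$want" ]; then
      echo "OK    $key $got"
    else
      echo "FAIL  $key is '${got:-unset}', expected '$want'"
      rc=1
    fi
  done
  return "$rc"
)

# audit_live (hypothetical helper): run as root on the server before
# restarting ssh. Stops on a syntax error, then checks the effective config.
audit_live() {
  sshd -t || return 2
  sshd -T | check_sshd_effective
}

# Constructed sample: `sshd -T` output where a drop-in still allows passwords.
SAMPLE_OVERRIDDEN='permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'

if [ "${1:-}" = "--live" ]; then
  audit_live
else
  printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_effective || true
fi
```

Run it on the server as root with --live; a FAIL line means another config file is overriding your edit, so look in /etc/ssh/sshd_config.d/ before closing your existing session.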
Step 6: Configure UFW Firewall
Ubuntu ships with UFW (Uncomplicated Firewall). Enable it with sensible defaults:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH
sudo ufw enable
Add more rules as you install services — for example, sudo ufw allow 80/tcp for web traffic.
Step 7: Set the Correct Timezone
Accurate timestamps matter for logs and scheduled tasks:
sudo timedatectl set-timezone America/New_York
Run timedatectl list-timezones to find your zone.
Step 8: Enable Automatic Security Updates
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades
This keeps critical security patches applied without manual intervention.
What's Next?
Your server is now in a solid baseline state. From here you can install a web server (Nginx or Apache), configure a database, deploy your application, and set up SSL certificates. Each of those topics has its own guide here on ServerKist — use the sidebar to continue your setup journey.