Set Up VPS on Debian


Setting Up Your First VPS: Secure Configuration Guide

When setting up a new VPS, securing access is critical to prevent unauthorized usage.

In this guide, you'll:

  • create a new user
  • disable SSH root access
  • configure SSH key-based authentication for added security.

Step 1: Initial Login as Root

By default, VPS providers often grant root access. Start by logging in using the provided credentials:

ssh root@<your-server-ip>

Update and Upgrade Packages

apt update && apt upgrade -y

Step 2: Create a New User

Replace <username> with your preferred username:

# -m create home directory
# -s /bin/bash set shell to bash
# -G sudo add user to sudo group
useradd -m -s /bin/bash -G sudo <username>

Set a password for the user: Will be required to send ssh key with ssh-copy-id command.

passwd <username>

In case of delete the User:

userdel -r <username>

-r: Removes the user's home directory.

Step 3: Configure SSH Key-Based Authentication

3.1. Generate an SSH Key Pair (Local Machine)

On your local machine (not the VPS), check if you already have an SSH key:

ls ~/.ssh

Look for files like id_rsa and id_rsa.pub. If these files exist, you already have an SSH key. Skip to 3.2 to retrieve your public key.

If no SSH key exists, generate one with the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
 
# or
ssh-keygen -t rsa -b 4096 -f ~/.ssh/my_key
  • -t rsa: Specifies the RSA algorithm.
  • -b 4096: Sets the key size to 4096 bits (more secure).
  • -C "your_email@example.com": Adds a comment to identify the key.

Follow the prompts:

  • Press Enter to save the key in the default location (~/.ssh/id_rsa).
  • Optionally, set a passphrase for additional security.

3.2. Copy the Public Key to the VPS

Your public key is stored in the file ~/.ssh/id_rsa.pub. To display it, run:

ssh-copy-id <username>@YOUR_VPS_IP
 
# or
ssh-copy-id -i ~/.ssh/my_key.pub <username>@YOUR_VPS_IP

3.4. Test SSH Key Authentication

On your local machine, test the connection to your VPS using the myuser account:

ssh <username>@<your-server-ip>
 
# if using port:
ssh -p <port> <username>@<your-server-ip>
 
# or with new key path
ssh-copy-id -i ~/.ssh/my_key.pub <username>@YOUR_VPS_IP

If the setup is correct, you’ll log in without being prompted for a password.

Step 4: Disable Root SSH Login

Edit the SSH Configuration File

Open the SSH daemon configuration file:

sudo vi /etc/ssh/sshd_config

Update the Following Settings

Disable root login:

PermitRootLogin no

Disable password authentication:

PasswordAuthentication no

Save and Exit the file, then restart the SSH service:

sudo systemctl restart sshd

Step 5: Final Security Check

Test New Configuration

Open a new terminal and verify that:

  • You can log in with the new user.
  • Root login is disabled.
  • Password-based login is disabled.
  • Firewall Setup (Optional)

Enable the firewall and allow only SSH traffic:

ufw allow OpenSSH
ufw enable

Step 6: Backup and Monitor

Backup Your SSH Keys Ensure your private key is securely stored on your local machine.

Monitor Login Attempts Check login activity using:

cat /var/log/auth.log

Optional: Install Docker

sudo apt update
sudo apt install -y ca-certificates curl gnupg

Add Docker’s official GPG key

sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

Add the repository to your sources list:

echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker Engine

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Allow your user to run Docker without sudo. Add your <username> user to the docker group.

sudo usermod -aG docker <username>

Log out and log back in to apply the changes.

exit

Test Docker installation:

docker run hello-world
Comments (0)

Be the first to comment.

Published Nov 21, 2024 | Updated Aug 4, 2025