Basic Server Setup

In this article I will cover the first steps you should take when booting up a fresh server (cloud VM, VPS, bare-metal server, etc.). I will be referring to this article in the future.

The steps are simple but very important to guard the security of your online resources. Nobody wants to fall victim to a simple bot crawling the internet and bombarding sites with basic exploits or even password spraying attacks!! So let’s dive right in.

Log in as ROOT

Just SSH to your server's IP and log in to the root account.

Create a non-root user with sudo privileges

adduser MY-NEW-USER

usermod -aG sudo MY-NEW-USER

Give your new user a nice long password with letters, special characters and numbers, or just use a password generator.

Setup SSH for new user

On your local machine generate a key pair

ssh-keygen -t ed25519

This will create two files: a private key and a public key. Copy the contents of the public key, then log in to the remote server, create the ~/.ssh/authorized_keys file in the new user's home directory, and paste the contents there. Try logging in as the newly created user over SSH. If that succeeds, close the window where you are logged in as root.

Most cloud providers will just prompt you for a username and password during resource provisioning. This user will have sudo privileges, and the root account will be disabled by default. If you want to change the root password, just run:

sudo passwd root

Enhancing the Security

Let’s disable password login for SSH. This is really important to fend off password spraying attacks. Just edit the /etc/ssh/sshd_config file and set PasswordAuthentication no.

Disable root login by setting PermitRootLogin no, then reload the SSH daemon.

sudo systemctl reload sshd

Change the default SSH port. This will not protect you against AI bots, but it will limit scanning.

I recommend using your cloud provider firewall to limit IP ranges that can connect to your server.
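To confirm that the two sshd settings above actually took effect, the following script (an added example, not part of the original article) reports the effective PasswordAuthentication and PermitRootLogin values. The function names, the sample configurations and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). On a live server, feed it the
# resolved configuration, which also follows Include files:
#   sudo sshd -T | sshd_audit

# Print the effective global value of keyword $1 from sshd configuration text
# on stdin, or default $2 if it is never set. sshd keeps the FIRST value it
# reads for a keyword, so "PasswordAuthentication no" appended below an earlier
# "yes" has no effect. Parsing stops at the first Match block (conditional).
sshd_effective() {
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        {
            n = split($0, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit
            if (key == want && n >= 2) { found = 1; print tolower(f[2]); exit }
        }
        END { if (!found) print def }
    '
}

# Return 0 only if password logins and root logins are both disabled.
# OpenSSH defaults: PasswordAuthentication yes, PermitRootLogin prohibit-password.
sshd_audit() {
    cfg=$(cat)
    rc=0
    pw=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication yes)
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin prohibit-password)
    [ "$pw" = no ] || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    return "$rc"
}

# Constructed sample: hardening lines appended below an earlier "yes".
SAMPLE_BAD='PasswordAuthentication yes
#PermitRootLogin prohibit-password
PasswordAuthentication no
PermitRootLogin no'

# Constructed sample: the hardened values are the first ones sshd reads.
SAMPLE_GOOD='Port 2222
PasswordAuthentication no
PermitRootLogin no'

printf '%s\n' "$SAMPLE_BAD" | sshd_audit || echo "SAMPLE_BAD: not hardened"
printf '%s\n' "$SAMPLE_GOOD" | sshd_audit && echo "SAMPLE_GOOD: hardened"
```

Run the audit from a second session before closing the one you are working in, so a failed check can still be corrected.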

Setting up a firewall

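Install UFW if it is not already installed, then allow the OpenSSH service and enable the firewall. The OpenSSH profile opens the default port 22, so if you changed the SSH port, allow that port instead before enabling the firewall.

sudo ufw allow OpenSSH
sudo ufw enable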