How to Configure Your First VPS Server in 6 Steps (Beginner’s Guide 2025)

Not sure how to configure your new VPS? You’ve come to the right place.

This step-by-step guide has helped thousands of website owners get their virtual servers up and running, and now, it’s going to help you as well. Even if you’ve never managed a virtual server before, you can follow the instructions and get your project underway in less than an hour.

We haven’t got much time to lose, so without further ado, let’s take a closer look at the steps.

1. Access the Server via SSH

A typical VPS supports many communication protocols, but the one you need to use in this case is SSH.

SSH stands for Secure Shell, and it’s designed to allow you to execute commands remotely. It uses encryption to protect the communication between your home computer and your virtual server and ensure no one can see the information being exchanged.

Establishing an SSH connection is pretty straightforward.

If your home computer uses a Unix-based operating system like Linux or macOS, you can use the Terminal. On a Windows machine, you can open a shell with either PowerShell or the Command Prompt (cmd.exe).

The built-in tools do the job, but many people still prefer to use dedicated SSH client applications like PuTTY because of their convenient features. These apps can save sessions, store keys, and remember credentials for you, saving you a lot of time when connecting to your server.

Accessing the VPS via SSH for the first time requires the login credentials provided by your host. In the command line, you need to enter:

ssh [username]@[server IP]

The server will receive the request via port 22, identify the username (if you’re logging in with the root user, it’s “root”), and ask for your p​a​s​s​w​o​r​d. After you provide the correct details, the server will display a welcome message in the command-line interface.

With that, you have logged into your new VPS for the first time.

2. Update the Server

Keeping the software on your VPS up-to-date is a significant part of ensuring it’s fast, reliable, and secure. Updates include security patches for various vulnerabilities that occasionally crop up, as well as new features and performance enhancements. After your first login, it’s a good idea to ensure all the latest versions are installed.

Different distributions use different package managers – the tools used for installing and managing software in Linux. Debian-based distributions like Ubuntu are usually equipped with APT, whereas most Red Hat-based systems like Rocky Linux and Fedora use DNF.

Some legacy Red Hat-based distros still use the YUM package manager, in which case, you’ll need to replace dnf in the commands below with yum. That said, you’re unlikely to be using an operating system this old.

The update process starts with refreshing the package lists and identifying new versions of the installed software. For Ubuntu and other Debian-based distributions, for example, you’ll use:

$ apt update

For Red Hat-based distributions, the command is:

$ dnf check-update

Next, you tell the server to install the updates.

For Debian-based distributions, the command is:

$ apt upgrade

In Red Hat-based distributions, you need to use:

$ dnf update

The process may take a while. After the update, it’s a good idea to restart the server using the reboot command.

3. Set up a Firewall

A firewall is a basic security feature present on almost any server. However, this doesn’t make it any less important.

The firewall controls your VPS networking ports and decides what traffic passes through them. It filters incoming requests and ensures data integrity.

You’d think that setting up a firewall yourself is tricky, but fortunately, this isn’t the case. Before we get to the actual steps, however, let’s take a closer look at the tools you will be using.

The Linux ecosystem has produced several firewall solutions over the years, but the one that has fared the best is iptables. Because it has withstood the test of time so well, either iptables or its successor, nftables, is built into almost every Linux system nowadays.

It’s a packet filtering and Network Address Translation system that works with the Netfilter framework to give you complete control over all traffic on your server. As their names suggest, iptables and nftables use tables. The tables contain chains, which, in turn, contain rules.

The difference between the two is in the syntax.

The use of tables, chains, and rules makes your firewall incredibly powerful, but the downside is that it’s not exactly straightforward to work with out of the box. Fortunately, there are a couple of firewall management applications that can make your life a whole lot easier. You’ll want to use them when setting up your virtual server.

• UFW

UFW stands for Uncomplicated Firewall, a user-friendly command-line utility that lets you control iptables’s rulesets with fewer commands and a more intuitive syntax. Although it can be used on Red Hat-derived operating systems, UFW is pre-installed and primarily aimed at Debian-based systems.

If you don’t have it on your Debian server, you can easily install it with the following command:

$ apt install ufw 

If you’re not using the root account, you’ll need to add the sudo prefix to the front. It’s a good idea to remove any other firewall management tools. Otherwise, you risk hitting conflicts and potential stability issues.

Another recommended step is to reset all UFW rules with the following:

$ ufw reset

At this point, it’s essential to enable SSH immediately, or you risk locking yourself out. The command is:

$ ufw allow OpenSSH

The next port of call is to set the default policy. The recommended settings block all incoming and allow all outgoing traffic. The commands are:

$ ufw default deny incoming
$ ufw allow outgoing

Blocking any incoming traffic is recommended as a security baseline. However, if you leave the settings in this state, your website won’t be accessible to the outside world. To ensure it is, you need to enable HTTP and HTTPS connections:

$ ufw allow http
$ ufw allow https

Some of you may notice that we’re not enabling FTP. That’s because SSH allows you to upload and manage files through a more secure SFTP connection. All you need to do is select the correct protocol in your FTP client when connecting to your server.

With that, all essential services should be up and running. To double-check, run:

$ ufw status

Make sure everything looks good, and pay particular attention to SSH. If the protocol is disabled, you may get locked out. The changes take effect after you enable UFW.

$ ufw enable

• Firewalld

Many people believe that Firewalld is just UFW for Red Hat-based distributions, but this is not strictly the case.

The two utilities have different syntaxes and differ slightly in how they handle rules. Firewalld introduces zones that allow for more flexible control over incoming traffic. You don’t need to restart the service every time you make changes to the configuration, which in turn means that it’s easier to find GUI-based management tools for it.

Overall, Firewalld is a more advanced firewall management utility with a broader range of features and traffic filtering mechanisms. However, the steps to set it up and configure it are similar.

Your first job is to install Firewalld if you don’t have it already. On Red Hat-based systems, you do it via:

$ dnf install firewalld

 Next, you need to start the service and ensure it fires up at every boot:

$ systemctl start firewalld
$ systemctl enable firewalld

By default, Firewalld allows all outgoing traffic, so to set up a secure baseline, you just need to set the default policy to block incoming requests. You can do that using:

$ firewall-cmd –set-default-zone=drop

It’s now essential to allow SSH connections and ensure you don’t lock yourself out. The command is:

$ firewall-cmd –zone=public –add-service=ssh –permanent

Yet again, HTTP and HTTPS are the other two services you need to allow:

$ firewall-cmd –zone=public –add-service=http –permanent
$ firewall-cmd –zone=public –add-service=https –permanent

Finally, reload the firewall to save all changes:

$ firewall-cmd –reload

NOTE: If you’re not using the root user, all commands listed above must be preceded by the sudo prefix.

4. Create a New User

Until now, we’ve assumed you’re using the server’s root user.

The root user in Linux is the system’s owner. Its privileges are unlimited – as long as you’re logged in as root, you can do anything with the server.

Any small mistake could have dire consequences because of the elevated privileges, so creating a second account with superuser permissions is generally considered good practice. With it, you can still configure your server’s most important settings. Still, you’ll need to add the sudo prefix to every command, and you’ll have quite a few more warnings and prompts when performing tasks that require administrative privileges.

It may seem like a minor difference, but there are a few reasons why you should consider doing it:

• The root account has completely unrestricted access. The wrong command could do irreparable damage, and there are no warnings to make you think twice.
• Using the root account will leave no audit trail. Debugging is more problematic, and finding out what happened if a security breach occurs will be difficult.
• Root accounts are often targeted by brute-force attacks. The reason is that the default username is always “root.”
• A second user account gives you better access control. You can apply the principle of least privilege and revoke access or restrict it to specific commands.

After you’re logged in as root, you can create a new user account with:

$ adduser [the new user’s username]

If the server doesn’t automatically ask you to set a p​a​s​s​w​o​r​d for the new user, you can do it with:

$ passwd [the new user’s username]

Next, you need to assign the new user account to the admin group. There are variations in the way Linux distributions treat users. In Debian-based systems like Ubuntu, the default admin user group is sudo. In Red Hat-based distributions like CentOS and Rocky Linux, however, it’s called wheel.

Hence, if you use a Debian-based server, you need to enter:

$ usermod -aG sudo [the new user’s username]

And if your VPS runs on a Red Hat-based distribution, you need:

$ usermod -aG wheel [the new user’s username]

With a couple of additional commands, you can confirm that the process has been successful.

First, switch to the new account with the following:

$ su – [the new user’s username]

Then, check whether the new user has superuser privileges with:

$ sudo whoami

The output should read root.

You now have an account with superuser privileges, so you can safely disable SSH access for the original root user. This reduces the attack surface during a brute-force campaign against your server and helps you prevent a security breach that could have serious consequences.

First, ensure the root user is logged out (you can use the exit command) and open a new SSH session using the account we just created.

Disabling root SSH access means editing the primary SSH configuration file, so it’s a good idea to create a backup before you continue. Go to the root directory (the one denoted by a single forward slash /) and enter the following:

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_old

Now, you can open the sshd_config file and make the necessary changes. You can use any text editing utility you want. In our example, we chose Nano because it’s renowned as one of the most user-friendly utilities of its kind. The command is:

$ sudo nano /etc/ssh/sshd_config

After you provide your account’s p​a​s​s​w​o​r​d, Nano will open the SSH configuration file. Find the line that says:

PermitRootLogin yes

and change it to

PermitRootLogin no

If there is a # character at the beginning of the line, remove it. Press ctrl/cmd + X to exit and save the changes when prompted. Finally, it’s time to restart the SSH service. 

$ sudo systemctl restart sshd

In some cases, you might need to use ssh instead of sshd. With that, you have a new superuser account, and the root user is disabled.

5. Change the Default SSH Port

Port 22 is SSH’s default listening port. Users know that, and so do hackers.

A strong p​a​s​s​w​o​r​d limits the risks to a certain extent, but it’s still better to ensure that the door the criminals are knocking on is locked.

Yet again, we need to edit the primary SSH configuration file. If you don’t have a backup of it, create one now.

After going back to the root directory, enter:

$ sudo nano /etc/ssh/sshd_config

Locate the line that says:

Port 22

If there is a # character at the beginning of the line, remove it and replace 22 with any number between 1024 and 65535. Ports below 1024 are privileged and usually require root permissions, so it’s not a great idea to use them. The port you choose mustn’t be used by any other services.

Your next job is to ensure your firewall accepts connections at that port.

The exact command depends on your firewall management utility.

For UFW, it’s:

$ sudo ufw allow [the custom SSH port number]/tcp

And for Firewalld, it’s:

$ sudo firewall-cmd –permanent –add-port=[the custom SSH port number]/tcp
$ sudo firewall-cmd –reload

Finally, restart the SSH service to ensure the changes take effect. The command is:

$ sudo systemctl restart ssh

for Debian-based distros and

$ sudo systemctl restart sshd

for Red Hat-based systems.

Generate SSH Keys

Changing SSH’s default listening port protects your servers against automated scripts that scan the internet in an attempt to infiltrate random servers. However, to block targeted attacks, it’s best to beef up your authentication mechanism as well.

The traditional username-and-p​a​s​s​w​o​r​d system can be efficient if you choose a strong enough p​a​s​s​w​o​r​d, but an SSH public-and-private key pair makes for a more secure setup. To use it, you first need to generate the said keys.

In Windows, the easiest option is to use the PuTTYgen application bundled with the popular SSH client. After you open it and click Generate, it will use the random motions of the mouse cursor to create one public and one private key. You can also set a passphrase that works alongside the key pair for additional security.

The private key remains on your computer, so you can click Save private key and decide where to store it. You’ll also need to upload the public one to your server, but before we get to that, let’s see how Linux and MacOS users generate their keys.

Unix-based operating systems have a built-in utility called ssh-keygen, which allows them to create key pairs without installing additional software.

The command for creating a key pair looks like this:

$ ssh-keygen -t rsa -b 4096 -C “[your email address]”

The Terminal will ask you to choose a file path for your private key. By default, it saves it in ~/.ssh/id_rsa. 

Finally, it requests a passphrase, after which it saves your public and private keys in the same folder. The public key gets a .pub extension, so if the private one is saved as ~/.ssh/id_rsa, the public will be stored in ~/.ssh/id_rsa.pub. You can open it with Nano and see the public key. Now, you need to copy it to your server.

Open a new SSH session and go back to your user’s home directory. This is the folder you land in after you log in, but you can ensure you’re in the right place by entering:

$ cd ~

If you enter pwd at this point, the output should be /home/[your account’s username]/.

Create a folder to host your public key and set the correct permissions for it:

$ mkdir ~/.ssh
$ c​h​m​o​d 700 ~/.ssh

Next, you need to create a file where you’ll paste your public key. Once again, we’ll use the Nano text editor:

$ nano ~/.ssh/authorized_keys

Copy the public key and paste it in Nano. Save the file and exit.

On Linux and MacOS, you log in through the Terminal as usual.

If you use Windows, open PuTTY, go to its settings, and click Connection > SSH > Auth. In the Private Key File for Authentication field, select your private key and save the changes.

If you don’t use other devices to log into your server, you can disable your account’s p​a​s​s​w​o​r​d authentication.

To do that, you need to edit the SSH configuration file – etc/ssh/sshd_config. It’s as simple as changing the PasswordAuthentication value from Yes to No.

ScalaHosting Managed cloud VPS Benefits

Setting up your virtual server wouldn’t be a concern if you choose one of our managed cloud hosting plans. With them, you’ll get a cloud VPS that is already pre-configured and ready to use. The operating system, firewall, and all other tools and utilities required to keep your website online are set up by ScalaHosting’s experts. You don’t need to think about finding the right command, applying the correct settings, or enforcing the best firewall rules. Instead, you can focus on building your new website.

And to do it, you won’t need to open even a single SSH connection. Secure shell is supported and available to all users on the server, and you can even request root access if you need to tweak the server’s core settings. However, you also have a much more user-friendly alternative – SPanel.

SPanel is a unique server management platform that allows you to manage everything from files, databases, and email accounts to services, DNS settings, and some core server settings.

Instead of executing complex commands, you click buttons, enable toggle switches, and select values from drop-down menus. You get access to every conceivable feature to easily start and develop your project. Even if you have no previous server or website management experience, you’ll get used to the interface in no time.

If you need more information regarding our services, do not hesitate to contact our sales specialists. 

Conclusion

Configuring a self-managed VPS is not a set-and-forget task.

It’s up to you to ensure the machine performs at its best at all times, which isn’t exactly straightforward. Provided you invest enough time and effort – you can master the VPS operation and run your server without breaking a sweat.

If manually configuring a virtual server is not your cup of tea, leave it to the professionals and opt for a first-class managed VPS solution.

FAQ

Q: How does a VPS work?

A: With guaranteed hardware resources and a dedicated IP, a VPS acts as a completely separate server instance, so configuring it involves the same steps as setting up a regular server – choosing an operating system, installing essential software, security monitoring, etc.

Q: How do I connect to a VPS?

A: You can connect to your VPS through various protocols, but the one you’ll use to execute commands is SSH. It provides an encrypted connection through which you can communicate with the server’s operating system and perform a wide range of tasks.

Q: What is a VPS used for?

A: Typically, managed VPS packages are optimized for hosting websites. You get a control panel with various features for managing files, folders, databases, etc. If you opt for a self-managed solution, you get root access and can install pretty much any software you want. A self-managed machine can easily turn into a gaming server, a mail server, an app server, or whatever else you need.