9 things to do after buying a VPS

There are some few steps that you should take to setup your VPS to survive the Internets viciousness and to make it more convenient for your use. Below are some of the things I do on any VPS I purchase. Most of my VPS run on Centos so am going to use Centos based commands and file paths for this illustration. But you can of course use the same guidelines and change the commands used to suite your distro.

1. Update the system

When you setup a new VPS, its important to run an update of all packages available even before you start using it. In centos, this can be done by running a simple yum update command

[root@host ~]# yum update -y

2. Change your hostname

The default hostname that a VPS comes with is normally hard to memorize. Ideally, a hostname is supposed to be a reference to an IP address, so that we use the hostname instead of the harder to memorize IP address to access the server. So we need to customize the hostname to something you would love to use – not struggle to use otherwise we’d be beating this logic

The first step is to create an A record of your hostname so it resolves to your VPS IP, then add it as follows from terminal.

[root@host ~]# hostnamectl set-hostname serv.domain.tld

3. Change your time and timezone

Its convenient to use your local time and timezone for your VPS. This helps applications to provide logs using a timestamp that translates to local time

You can update time zone using the command below:

[root@host ~]# timedatectl set-timezone Africa/Nairobi

You can also sync your time with a local time ntp server. In Kenya, for instance, we can use 0.ke.pool.ntp.org

[root@host ~]# yum install -y ntpdate

[root@host ~]# ntpdate 0.ke.pool.ntp.org

You can check out more ways to manage time on this link You can also check your local ntp server here

4. Install useful utilities

I have never had a server and failed to want to use vim or wget. I always find myself in a situation where I’ll need them. So, why not install them once and for all? Also, I find the epel repositiry to be very useful

[root@host ~]# yum install -y vim wget screen epel-release

5. Configure sudoer

Its common practice to disable root login to your server. This means you need t configure another username to use for remote logins. You want to be able to use sudo with such a user hence must configure the user to be a sudoer too. Run command below to create a user called wallace

[root@host ~]# useradd wallace

[root@host ~]# usermod -aG wheel wallace

Then add the line below in the sudoers file, which can be accessed by typing visudo


6. Change SSH port from default 22

Changing the default SSH port is an important step towards securing your server even from automated script brute force attacks. You can miss every other step stated before and after this one, but never fail to change your SSH port. Its advisable to select a port greater than 1000 as most ports below that are assigned to various common services already, and assigning the same port to different services causes issues.

[root@host ~]# vim /etc/ssh/sshd_config

[root@host ~]# systemctl restart sshd

7. Configure ssh key login

It is more convenient and safer to use ssh keys to login compared to passwords authentication. This can be configured in the ssh configuration file. In /etc/ssh/sshd_config file, set PubkeyAuthentication to yes

8. Update user passwords

Change the password your VPS provider sent you to something different.

[root@host ~]# passwd

Changing password for user root.

New password:

Retype new password:

9. Install a firewall.

All Internet accessible servers need a firewall, no matter what app will be running there. Personally, I like csf so that’s what I install for my VPS normally. SO first, disable possibly preconfigured firewalls such as firewalld or selinux (common with OVH VPS). Then install csf.

[root@host ~]# cd /usr/src; rm -fv csf.tgz; wget https://download.configserver.com/csf.tgz; tar -xzf csf.tgz;cd csf; sh install.sh

After that, remember to remove csf from TESTING mode by setting TESTING =0 in /etc/csf/csf.conf file and then enable lfd so they auto start anytime system is rebooted.

[root@host ~]# systemctl enable lfd

That should set you up well to start off running your application now.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *