← Back to Blog

How to Set Up an Ubuntu VPS for the First Time (2026)

Published May 4, 2026 · 7 min read · Galaxy Cloud Solutions

You just got SSH credentials to a fresh VPS. Now what? A new server needs a few things configured before it is ready to use safely — a non-root user, SSH key authentication, a firewall, and some basic hardening. This takes about 15 minutes and is worth doing before you install anything else.

⚡ VPS from $5/mo — Use code LAUNCH2026 for 50% off

Step 1: Log In as Root

ssh root@your-server-ip

Most VPS providers give you a root password or let you set one during setup. Log in and change the root password immediately if you have not already:

passwd

Step 2: Update the System

apt update && apt upgrade -y

Step 3: Create a Non-Root User

Running everything as root is a bad habit. Create a regular user with sudo access:

adduser yourname
usermod -aG sudo yourname

Step 4: Set Up SSH Keys

On your local machine, generate an SSH key pair if you do not have one:

ssh-keygen -t ed25519 -C "[email protected]"

Copy your public key to the server:

ssh-copy-id yourname@your-server-ip

Test that it works before disabling password login:

ssh yourname@your-server-ip

Step 5: Disable Root Login and Password Auth

sudo nano /etc/ssh/sshd_config

Change or add these lines:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
sudo systemctl restart ssh

Step 6: Set Up the Firewall

sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable

Add rules for any services you plan to run. For a web server:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Step 7: Install Fail2ban

sudo apt install -y fail2ban
sudo tee /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
EOF
sudo systemctl enable --now fail2ban

Step 8: Set the Timezone and Hostname

sudo timedatectl set-timezone America/Chicago
sudo hostnamectl set-hostname your-server-name

Step 9: Enable Automatic Security Updates

sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

That is the baseline. Your server now has a non-root user, SSH key authentication, a firewall, brute force protection, and automatic security updates. From here you can install whatever you need.

Related Articles

How to Set Up SSH Keys on a VPS How to Set Up Fail2ban on a VPS How to Secure a Linux VPS How to Set Up a Reverse Proxy With Nginx

New VPS — from $5/mo

Galaxy Cloud Solutions provisions VMs with fail2ban and basic hardening already configured. 28 one-click apps in the dashboard. Use code LAUNCH2026 for 50% off your first month.

Get Started