Ubuntu VPS hosting

[ Google AdSense — In-Article Ad ]

Introduction

Whether you just got a new VPS or set up a bare metal server, this guide walks you through every step to get Ubuntu 24.04 LTS production-ready. By the end, you will have a secure, optimized server with a non-root user, SSH key authentication, and firewall configured.

Prerequisites

  • A fresh Ubuntu 24.04 LTS server (VPS or bare metal)
  • Root access via SSH or console
  • A local machine with a terminal (Linux/Mac) or PuTTY (Windows)

Step 1 — Connect to Your Server

Connect to your server as root using SSH:

ssh root@YOUR_SERVER_IP

If using an SSH key:

#ssh -i ~/.ssh/id_rsa root@YOUR_SERVER_IP

Step 2 — Update System Packages

Always start by updating all packages to the latest versions:

#apt update && apt upgrade -y

Expected output:

Reading package lists… Done

Building dependency tree… Done

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Step 3 — Set the Correct Hostname

Set a proper hostname for your server. Replace ‘infratoai-server’ with your preferred name:

hostnamectl set-hostname infratoai-server

Verify it was set correctly:

#hostnamectl

Static hostname: infratoai-server

Operating System: Ubuntu 24.04.1 LTS

Kernel: Linux 6.8.0-31-generic

Step 4 — Create a New Non-Root User

Running as root is a security risk. Create a regular user and add it to the sudo group:

#adduser yourusername

#usermod -aG sudo yourusername

#Verify the user is in the sudo group:

#groups yourusername

#yourusername : yourusername sudo

Step 5 — Set Up SSH Key Authentication

On your LOCAL machine, generate an SSH key pair if you don’t have one:

#ssh-keygen -t ed25519 -C ‘your@email.com’

Copy the public key to your server:

ssh-copy-id yourusername@YOUR_SERVER_IP

Test that key login works before disabling password login:

ssh yourusername@YOUR_SERVER_IP

Step 6 — Harden SSH Configuration

Edit the SSH daemon configuration file:

#nano /etc/ssh/sshd_config

Find and change these lines:

PermitRootLogin no

PasswordAuthentication no

PubkeyAuthentication yes

Port 2222   # Optional: change default port

Restart SSH to apply changes:

systemctl restart sshd

Step 7 — Configure UFW Firewall

Enable and configure the UFW firewall:

#ufw allow 2222/tcp   # Allow your new SSH port

#ufw allow 80/tcp     # HTTP

#ufw allow 443/tcp    # HTTPS

#ufw enable

Check firewall status:

#ufw status verbose

Status: active

To                         Action      From

—                         ——      —-

2222/tcp                   ALLOW IN    Anywhere

80/tcp                     ALLOW IN    Anywhere

443/tcp                    ALLOW IN    Anywhere

Step 8 — Set the Correct Timezone

Set your server timezone:

#timedatectl set-timezone Asia/Kolkata

Verify:

#timedatectl

Local time: Thu 2025-01-16 14:30:00 IST

Time zone: Asia/Kolkata (IST, +0530)

Step 9 — Enable Automatic Security Updates

Install unattended-upgrades to automatically apply security patches:

#apt install unattended-upgrades -y

#dpkg-reconfigure –priority=low unattended-upgrades

Select Yes when prompted. This keeps your server patched without manual work.

Step 10 — Final Verification Checklist

  1. SSH in as your new user (not root) — confirm it works
  2. Run: sudo apt update — confirm sudo works
  3. Run: ufw status — confirm firewall is active
  4. Run: systemctl status sshd — confirm SSH is running
  5. Run: timedatectl — confirm correct timezone

Troubleshooting

Problem: Locked out after disabling password authentication

If you get locked out, access your server via the hosting provider’s console (Hostinger, AWS, etc.) and re-enable PasswordAuthentication yes in /etc/ssh/sshd_config, then set up keys properly.

Problem: UFW blocking everything

If you lose SSH after enabling UFW, disable it via console: ufw disable — then add the correct rules before re-enabling.

What’s Next?

Now that your server is set up and secured, here are the recommended next steps:

  • Install Docker on Ubuntu 24.04 → (link to your next tutorial)
  • Set Up Prometheus + Grafana Monitoring → (link)
  • Install Kubernetes with kubeadm → (link)

This tutorial is part of the InfratoAI Linux series. Questions? Leave a comment below.