How to Set Up a Linux VPS from Scratch — Complete 2026 Guide

What This Guide Covers

You have just deployed a fresh Germany VPS from GermanyVPS.com. Your inbox has an email with an IP address, username (root), and password. This guide takes you from that blank server to a production-ready Linux VPS in under 30 minutes — properly secured, optimised, and ready for whatever you want to deploy on it.

We use Ubuntu 22.04 LTS throughout — the most widely-supported VPS Linux distribution with the best package ecosystem and documentation. Every command in this guide has been tested on a fresh GermanyVPS.com deployment.

Prerequisites: Germany VPS with Ubuntu 22.04 deployed. SSH client on your local machine (built into Windows 10/11, Mac, and Linux). Your VPS IP address and root password from the deployment email. If you have never connected via SSH before, read our SSH connection guide first.

Step 1 — Connect and Update

The very first action on any new server is updating all packages to get the latest security patches:

Bash — First connection

# Connect from your local machine
ssh root@YOUR_VPS_IP

# Once connected, update everything
apt update && apt upgrade -y && apt autoremove -y

# Verify your server specs (Ryzen 9950x should show)
lscpu | grep "Model name"
free -h           # RAM
df -h /           # Disk space
ip addr show      # Your Frankfurt IP

Step 2 — Create a Non-Root User

Running everything as root is dangerous — one mistake, one compromised credential, and an attacker has full control. Create a regular user with sudo privileges immediately:

Bash

# Create your user (replace 'yourname' with your actual username)
adduser yourname
usermod -aG sudo yourname

# Verify sudo works before closing root session
su - yourname
sudo whoami   # Should output: root
exit          # Back to root

Step 3 — Set Up SSH Keys

SSH key authentication is dramatically more secure than password login. Run this from your local machine (not the server):

Bash — Run on your LOCAL machine

# Generate an Ed25519 SSH key pair (if you don't have one)
ssh-keygen -t ed25519 -C "germany-vps"

# Copy your public key to the new user account on your VPS
ssh-copy-id yourname@YOUR_VPS_IP

# Test key auth works (should NOT ask for password)
ssh yourname@YOUR_VPS_IP

For detailed SSH key setup instructions across all platforms, see our complete SSH connection guide.

Step 4 — Harden SSH and Disable Root Login

Now that your user account works with SSH keys, lock down the server's SSH configuration:

Bash — On your VPS (as root)

# Copy SSH key to root account too (so you keep root access via key)
mkdir -p /root/.ssh
cp /home/yourname/.ssh/authorized_keys /root/.ssh/

# Harden SSH config
nano /etc/ssh/sshd_config
# Set these values:
# PasswordAuthentication no
# PermitRootLogin prohibit-password
# MaxAuthTries 3
# X11Forwarding no

# CRITICAL: Test in a second terminal before restarting SSH
systemctl restart ssh
# Open new terminal, verify you can still connect

Always test before closing: After restarting SSH, open a second terminal and test you can still connect. If you cannot, you still have your first session open to fix the config. Never close your working session until you confirm the new config works. See the full VPS security hardening guide for all 10 steps.

Step 5 — Configure the Firewall

Enable UFW (Uncomplicated Firewall) with a minimal ruleset — allow only what your server actually needs:

Bash

apt install -y ufw

# Set secure defaults
ufw default deny incoming
ufw default allow outgoing

# Allow SSH (do this BEFORE enabling — or you lock yourself out!)
ufw allow 22/tcp

# Add other ports based on what you're running:
ufw allow 80/tcp     # HTTP (if running web server)
ufw allow 443/tcp    # HTTPS (if running web server)

# Enable the firewall
ufw enable
ufw status verbose   # Verify rules are correct

Step 6 — Install Fail2ban

Fail2ban automatically bans IPs that show brute-force behaviour — essential protection even with password auth disabled:

Bash

apt install -y fail2ban
systemctl enable --now fail2ban
fail2ban-client status sshd  # Verify SSH jail is active

Step 7 — Add SWAP Space

SWAP acts as overflow RAM — when physical memory fills, the OS moves less-used data to disk SWAP rather than killing processes. On NVMe, SWAP is faster than on any SATA system. Add SWAP equal to your RAM size:

Bash — Add 2GB SWAP (adjust size as needed)

# Check if SWAP already exists
swapon --show

# Create a 2GB SWAP file
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

# Make SWAP permanent (survives reboots)
echo '/swapfile none swap sw 0 0' | tee -a /etc/fstab

# Optimise SWAP aggressiveness (10 = only use SWAP as last resort)
echo 'vm.swappiness=10' >> /etc/sysctl.conf
sysctl -p

# Verify SWAP is active
free -h

Step 8 — Set Timezone and Hostname

Bash

# Set timezone (Frankfurt — for EU-focused servers)
timedatectl set-timezone Europe/Berlin
timedatectl       # Verify

# Set a meaningful hostname
hostnamectl set-hostname my-germany-vps
hostname          # Verify

# Update /etc/hosts to match
nano /etc/hosts
# Add or update: 127.0.1.1  my-germany-vps

Step 9 — Enable Automatic Security Updates

Bash

apt install -y unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades
# Choose "Yes" to enable automatic security updates

# Verify the configuration
cat /etc/apt/apt.conf.d/20auto-upgrades

Step 10 — Install Essential Tools and Deploy Your Application

Your Germany VPS is now hardened and production-ready. Install the tools relevant to your use case:

Bash — Common packages for web/dev servers

# Essential monitoring and utility tools
apt install -y htop iotop ncdu curl wget git unzip                net-tools dnsutils lsof rsync screen tmux

# For web servers:
apt install -y nginx                  # Web server
apt install -y mysql-server           # Database
apt install -y php8.3-fpm php8.3-mysql # PHP
apt install -y certbot python3-certbot-nginx  # Free SSL

# For Docker/containers:
apt install -y docker.io docker-compose
usermod -aG docker yourname

# For Node.js:
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt install -y nodejs

# Check all services are running cleanly
systemctl list-units --type=service --state=running

Setup Completion Checklist

SSH connected, system fully updated
Non-root user created with sudo privileges
SSH keys configured and tested
Password auth disabled in sshd_config
UFW firewall enabled — only needed ports open
Fail2ban installed and SSH jail active
SWAP file created and made permanent
Timezone set to Europe/Berlin
Automatic security updates enabled
Application stack installed and running

Your Germany VPS is now fully set up, secured, and production-ready. For next steps, see our guides on installing WordPress on VPS or the complete 10-step VPS security hardening guide.

Frequently Asked Questions

Following this guide takes approximately 20–30 minutes for someone comfortable with the command line. The first time takes longer as you read each step carefully. By your second or third VPS setup, the entire process (update, user, SSH keys, firewall, fail2ban, SWAP, application) takes under 15 minutes.

A reboot is recommended after the initial update if the kernel was updated (you will see "pending kernel upgrade" notices). Run: sudo reboot. Your VPS will be back online in under 30 seconds. SSH may disconnect briefly — reconnect after ~15 seconds.

Yes — Debian 11 and 12 use the same apt package manager, same SSH config location, and same UFW/Fail2ban setup. The only differences are minor: Debian uses 'su -' instead of 'sudo' by default on fresh installs (add yourself to the sudo group first), and some package names differ slightly. PHP installation uses the same Ondrej PPA on Debian.

Log in to your GermanyVPS.com client portal and use the web-based VNC/console access — this bypasses SSH entirely and gives you direct terminal access regardless of firewall or SSH configuration. From the console, you can fix any misconfiguration. This is why keeping your client portal credentials safe is important.