First Boot: Initial Server Setup

You just deployed a VPS or cloud server from GoZen Host. Before you install anything, lock it down. A fresh server on a public IP gets hit by automated attacks within minutes.

Prerequisites link

• Your server’s IP address (from the client area → Services → My Services)
• Your root password (same location, or from the welcome email)
• An SSH client (see our SSH guide)

Step 1: Log In link

  ssh root@your-server-ip
  

Accept the host fingerprint and enter your password. You’re in.

Step 2: Update Everything link

First thing - update the package index and upgrade installed packages:

  apt update && apt upgrade -y
  

  dnf update -y
  

This patches known security vulnerabilities. Do this regularly.

Step 3: Create a Non-Root User link

Running everything as root is risky. One wrong rm -rf and there’s no guardrail. Create a regular user with sudo access:

  adduser deploy
usermod -aG sudo deploy
  

  adduser deploy
usermod -aG wheel deploy
  

Set a strong password when prompted.

Step 4: Set Up SSH Key Authentication link

Passwords can be brute-forced. SSH keys can’t (practically). Set this up now.

On your local machine (not the server):

  ssh-keygen -t ed25519 -C "your-email@example.com"
  

Copy the public key to your server:

  ssh-copy-id deploy@your-server-ip
  

Test it:

  ssh deploy@your-server-ip
# Should log in without asking for a password
  

Step 5: Disable Root Password Login link

Now that your non-root user works with an SSH key, lock down the SSH config:

  sudo nano /etc/ssh/sshd_config
  

Find and change these lines:

  PermitRootLogin no
PasswordAuthentication no
  

Restart SSH:

  sudo systemctl restart sshd
  

Step 6: Set Up a Firewall link

  # Allow SSH
sudo ufw allow 22/tcp

# Allow HTTP and HTTPS (if you'll run a web server)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Enable the firewall
sudo ufw enable

# Check status
sudo ufw status
  

  # SSH is allowed by default
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
  

Step 7: Set the Hostname and Timezone link

  # Set hostname
sudo hostnamectl set-hostname your-hostname

# Set timezone
sudo timedatectl set-timezone UTC
  

Use UTC for servers - it avoids confusion with daylight saving time and makes log analysis simpler.

Step 8: Enable Automatic Security Updates (Optional) link

  sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure -plow unattended-upgrades
  

  sudo dnf install dnf-automatic -y
sudo systemctl enable --now dnf-automatic-install.timer
  

Quick Checklist link

After completing these steps, verify:

• You can SSH in as your non-root user
• Root login is disabled
• Password authentication is disabled
• Firewall is active with only needed ports open
• System packages are up to date
• Hostname and timezone are set

What to Do Next link

• Choosing an Operating System - already deployed but wondering if you picked the right OS?
• Monitoring Your Server - keep an eye on CPU, memory, and disk usage
• Connecting to Your Server via SSH - more SSH tips including custom ports and config files