When you receive a brand new Linux VPS (Virtual Private Server), you'll need three things before connecting. First, the server IP address provided by your service provider. Second, the username; for a brand new Linux VPS, the default administrator account is usually `root`. Finally, and most importantly, are your authentication credentials. These come in two forms: a password or an SSH key. Most reputable providers will provide a temporary `root` password when creating the server, or require you to upload your own SSH public key. Please keep this information safe.

To connect to the server, you'll also need an SSH client. If you're using macOS or Linux, congratulations! Your system comes with a powerful terminal tool; simply open the "Terminal" application. If you're using Windows, the situation is slightly different. Newer versions of Windows 10 and 11 have the OpenSSH client built-in, and you can also try using the `ssh` command in PowerShell or the command prompt. If that's not available, a popular option is the free PuTTY, which provides a graphical interface for managing connections. Another modern and feature-rich option is Termius, which is cross-platform and has a user-friendly interface.

Understanding and Establishing a Secure Connection

The core protocol for communicating with the server is SSH. You can think of it as establishing an encrypted, protected tunnel over the internet. All commands you enter and all results returned by the server are encrypted during transmission within this tunnel, making it very secure. Basic connection commands are very simple. Open your terminal (or PuTTY) and enter the command in the following format:

ssh root@yourserverIPaddress

For example, if your IP address is `123.123.123.123`, then the command would be `ssh root@123.123.123.123`. If this is your first time connecting to this server, you will see a warning about "host authenticity," asking if you trust this newly appeared server fingerprint. Enter `yes` here, and your computer will remember this server. Next, the system will prompt you for the password for the `root` user. Note that no characters will be echoed on the screen while you are entering the password (i.e., no asterisks will be displayed). This is a normal security design; simply enter the correct password and press Enter.

However, using passwords for login, especially the `root` password, is considered a relatively weak link in modern security practices. It is vulnerable to brute-force attacks. Therefore, a more professional and secure method is to use SSH key pairs. A key pair consists of a "private key" and a "public key." The private key is stored on your own computer and must be kept absolutely secret, like a house key; the public key can be safely placed on the server, like a door lock. When connecting, both parties use mathematical methods to verify whether you possess a matching private key, thus completing the login. This is much more secure and convenient than a password.

To use keys, you first need to generate a pair on your own computer. Run the following in the terminal:

ssh-keygen -t ed25519

This command will generate a new key pair based on the Ed25519 algorithm. The system will ask you where to save the key; simply press Enter to use the default path (usually `~/.ssh/id_ed25519`). Next, it will ask if you want to set a "passphrase" for your private key. This is like adding another lock to your key, preventing others from using it directly even if the private key file is accidentally leaked. Setting one is strongly recommended. After successful generation, you will get two files: `id_ed25519` (private key) and `id_ed25519.pub` (public key).

Next, you need to "install" the public key onto the server. There's a very convenient command that can do this in one click:

ssh-copy-id root@yourserverIPaddress

After running this command, enter the `root` password once, and your public key will be automatically added to the `~/.ssh/authorized_keys` file of the `root` user on the server. From then on, when you connect to this server, you will prioritize key authentication and no longer need to enter a password. If using PuTTY, the process is similar, but you need to use the accompanying `puttygen.exe` tool to generate the key and manually paste the public key content into the specified file on the server.

Immediate Actions After Logging In

The moment you successfully log into the server and see the command prompt, your work has only just begun. A brand new system often presents security risks, and you should immediately begin the following basic hardening procedures—just like changing the locks and checking the doors and windows immediately after moving into a new house.

First, update the system immediately. Newly installed system packages are likely not the latest versions, and updates often include important security patches. Run the appropriate commands depending on your server's Linux distribution (usually Ubuntu/Debian or CentOS/Rocky Linux):

For Ubuntu/Debian:

apt update && apt upgrade -y

For CentOS/Rocky Linux:

yum update -y

Second, create a new regular user and stop directly using root. Root privileges are too high; even a small mistake in daily operations can lead to catastrophic consequences. We should create a regular user with sudo privileges to manage the server.

adduser your new username

usermod -aG sudo your new username # On Ubuntu/Debian

# Or on CentOS/Rocky: usermod -aG wheel your new username

After creation, you can exit the current root session (type `exit`) and then log in again with the new user: `ssh newusername@serverIP`. After logging in, you can perform operations requiring administrator privileges by adding `sudo` before commands.

Third, and crucially, modify the SSH service configuration to fundamentally enhance security. Open the SSH configuration file using a text editor (such as `nano` or `vim`):

sudo nano /etc/ssh/sshd_config

In this file, we recommend making the following modifications:

1. Disable direct SSH login for the root user: Find the line `PermitRootLogin` and change it to `PermitRootLogin no`.

2. Allow key-based login whenever possible: Find the line `PasswordAuthentication` and ensure it is set to `no`. This completely eliminates the possibility of brute-force password attacks.

3. (Optional) Change the default SSH port: Locate the line `Port 22` and replace 22 with another number between 1024 and 65535 (e.g., `Port 2345`). This reduces automated scanning harassment targeting port 22.

After making the changes, save the file. Before applying the new configuration, ensure your current login session remains open and open a new terminal window to test the configuration. This is to prevent configuration errors from locking you out of the server. Try logging in with the new configuration (e.g., new user, new port) in the new window. Once successful, return to the original session window and run the following command to restart the SSH service for the configuration to take effect:

sudo systemctl restart sshd` # or `sudo service ssh restart

Fourth, configure a basic firewall. A firewall acts like a server security guard, allowing only necessary traffic to enter. Ubuntu typically uses `ufw`, while CentOS uses `firewalld`. For example, on Ubuntu, you can allow only SSH and HTTP/HTTPS traffic like this:

sudo ufw allow your new SSH port number /tcp` # If you changed your SSH port, you must allow the new port here!

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

sudo ufw enable

After completing the above steps, your Linux VPS has a solid security foundation. You have successfully logged in and installed the first line of defense. Remember, server management is an ongoing process; regularly updating software, checking logs, and backing up data are crucial for ensuring its long-term stable operation. Now, you can start deploying websites and running applications in your own digital space.