Essential Initial Server Setup for Your New VPS

So, you’ve just deployed a new VPS on Linode, DigitalOcean, or AWS. The IP address is in your inbox, and you are ready to install your MQTT broker or Node.js app.

Stop! 🛑

Before you install anything, you need to secure the foundation. A fresh server usually comes with only the root account enabled. Using the root account for daily tasks is like chopping vegetables with a chainsaw—powerful, but one slip-up can destroy everything.

In this guide, we will walk through the 5 essential steps to secure your Ubuntu 20.04/22.04 server. This setup will give you a robust, secure environment for all your future IoT projects.

Step 1: The First Login

First, we need to log in with the credentials your cloud provider gave you. This is usually the root user and a password (or SSH key if you added one during creation).

Open your terminal (or Bitvise SSH Client on Windows) and type:

ssh root@your_server_ip_address

• Note: If this is your first time connecting, you will see a warning about "host authenticity." Type yes to accept.
• If you are using a password, enter it now. If you are prompted to change the root password immediately, follow the instructions on screen.

Step 2: Create a New User (Don't use Root!)

The root user has unlimited privileges. To prevent accidental disasters, we will create a regular user account. We will name ours iotuserin this example, but you should use your own name (e.g., iotuser).

Run this command:

adduser iotuser

You will be asked a series of questions:

1. Enter a new password: Choose a strong one!
2. User info: You can press ENTER to skip the name, room number, etc.
3. Is the information correct? Type Y and press Enter.

Step 3: Grant Administrative Privileges (Sudo)

Now we have a new user, iotuser. But sometimes iotuser needs to do admin tasks (like installing software). We don't want to log out and switch back to root every time.

Instead, we will add iotuser to the sudo group. This allows the user to run admin commands by typing sudo before them.

usermod -aG sudo iotuser

• -aG: Appends the user to a Group.
• sudo: The name of the group that has admin rights.

Step 4: Set Up a Basic Firewall (UFW)

Security is key. Ubuntu comes with a firewall called UFW (Uncomplicated Firewall). By default, it is disabled. We need to enable it, but we must be careful not to lock ourselves out!

Verify Status:

ufw status

You should see Status: active and OpenSSH allowed from Anywhere.

Enable the Firewall:

ufw enable

Type y when it warns you about disrupting SSH connections.

Allow SSH: Critical: You must run this before enabling the firewall, or you will lose connection to your server forever!

ufw allow OpenSSH

Check available apps:

ufw app list

You should see OpenSSH in the list.

Step 6: Test and Switch

Now, the moment of truth. Do not close your current root connection yet (just in case).

1. Open a new terminal window on your computer.

Try to log in as your new user:

ssh iotuser@your_server_ip

If everything is set up correctly, you should log in immediately (without a password if you used SSH keys, or with your user password if you didn't).

Once you are in, test your superuser powers:

sudo apt update

It will ask for your password (the one you set for iotuser). If the update starts, congratulations! You have successfully configured your VPS.

What's Next?

Your server is now secure, firewalled, and ready for action. You can now safely proceed to install your software.

• Ready to build an IoT network? Check out my guide on

Happy Coding!