Full VPS Setup Guide — Debian 13 Minimal

A modern, secure, and minimal approach to setting up a fresh Debian 13 VPS from scratch.

vpsdebianserver

When you first get a new VPS, it usually feels like a blank machine staring back at you. No safety, no structure, just root access and potential. This guide walks through how to turn that empty server into a clean, secure, and usable environment using Debian 13 Minimal.

The focus here is simplicity and security — nothing over-engineered, just what you actually need.

First Access: Logging into Your Server

Everything starts with the first SSH login. At this stage, you’re still using the default root account provided by your VPS provider.

ssh root@IP_VPS

This is your entry point — from here, you’ll prepare everything properly so you won’t rely on root anymore.

Keeping the System Up to Date

A fresh system is not always a safe system. The first thing you should always do is update everything to the latest stable packages.

sudo apt update && apt upgrade -y

This ensures you’re not working with outdated or vulnerable packages right from the start.

Installing the Essential Tools

Before hardening or configuring anything, install a basic set of tools that will make server management easier. These are lightweight but very practical for daily use.

sudo apt install -y curl git btop ufw fail2ban gnupg ca-certificates lsb-release vim podman

Each tool here has a purpose:

  • monitoring system performance
  • managing firewall rules
  • protecting against brute-force attacks
  • handling containers and development tools

Preparing Secure SSH Access

Instead of relying on password authentication (which is risky), we move toward SSH key-based login.

On your local machine, generate a secure key pair:

ssh-keygen -t ed25519 -C "vps-personal"

Then display your public key:

cat ~/.ssh/id_ed25519.pub

This key will be used to securely authenticate into your server.

Adding Your Key to the Server

On the VPS, we prepare a secure SSH directory and store your key:

mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys

Paste your public key here. Then lock it down with proper permissions — this step is critical for SSH security:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Verifying Key-Based Login

Before moving forward, test whether SSH key authentication works correctly.

ssh root@IP_VPS

If everything is set up correctly, you should be able to log in without entering a password.

Creating a Safer Admin User

Running everything as root is not a good long-term practice. So we create a dedicated admin user for daily operations.

adduser admin
usermod -aG sudo admin

This user will handle most tasks going forward.

Moving SSH Access to the New User

Now we transfer SSH access from root to the new admin account

mkdir -p /home/admin/.ssh
cp ~/.ssh/authorized_keys /home/admin/.ssh/
chown -R admin:admin /home/admin/.ssh
chmod 700 /home/admin/.ssh
chmod 600 /home/admin/.ssh/authorized_keys

At this point, your server is already moving toward a safer structure.

Testing Admin Access

Before locking anything down, make sure you can still access the server

ssh admin@IP_VPS

If this works, you now have a safer entry point than root.

Fixing PATH Issues (If They Appear)

Sometimes when switching users, system commands like ufw or systemctl might not be found immediately. If that happens, fix your PATH

echo 'export PATH=$PATH:/usr/sbin:/sbin' >> ~/.profile
source ~/.profile

Setting Hostname Properly

Giving your server a proper identity helps when managing multiple machines.

Check current hostname:

hostname

Optionally set a new one:

hostnamectl set-hostname nama-server

And ensure /etc/hosts matches:

nano /etc/hosts
127.0.0.1   localhost
127.0.1.1   nama-server

Securing SSH Configuration

Now we move into hardening the server. This is where real security begins.

Edit SSH config:

nano /etc/ssh/sshd_config

Recommended settings:

Port 22022
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

Then restart SSH:

systemctl restart ssh

From this point on, root login and password login are disabled.

Enabling the Firewall

We now activate UFW to control network access.

ufw allow 22022/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable

Only essential ports remain open — everything else is blocked by default.

Protecting Against Brute Force Attacks

We enable Fail2Ban to automatically block suspicious login attempts:

systemctl enable fail2ban
systemctl start fail2ban

This adds an important layer of automated protection.

Setting the Correct Timezone

For logs, scheduling, and deployments, timezone matters.

timedatectl set-timezone Asia/Jakarta

Making SSH Easier to Use Locally

To avoid typing long SSH commands every time, create a shortcut configuration:

nano ~/.ssh/config
Host vps
HostName IP_VPS
User admin
Port 22022
IdentityFile ~/.ssh/id_ed25519

Now you can connect instantly:

ssh vps

Preparing Project Structure

Finally, create a clean workspace for your applications:

mkdir -p ~/apps

Final Step: Reboot and Verify

Restart the server so all changes fully apply:

reboot

After reboot, test everything:

ssh vps
ssh root@IP_VPS
ufw status
systemctl status fail2ban

Closing Thoughts

At this point, your VPS is no longer a raw machine. It now has:

  • secure SSH access
  • a non-root admin user
  • firewall protection
  • brute-force protection
  • clean structure for future apps

From here, you can safely move into deploying applications, containers, or web services.

© 2026 r3p.dev. All rights reserved.