When you bought new virtual private server (VPS) most providers give machines with remotely root access by SSH protocol, and it's not safe. This article provide some tips for help you increase VPS server's security. Let's start setting up.

First of all connect to your new server:

ssh root@your_servers_ip

Note: provider should send SSH credentials for the new VPS server via email.

Create new user with "adduser" command:

adduser user

System open interactive shell and will offer you to set some data:

root@your_servers_id:~# adduser user
Adding user `user' ...
Adding new group `user' (1000) ...
Adding new user `user' (1000) with group `user' ...
Creating home directory `/home/user' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for user
Enter the new value, or press ENTER for the default
    Full Name []: My User
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n] y

Note: you may leave blank first five lines and just press "Enter". But latest line need confirmation.

Now add new user in sudoers for running commands as root:

usermod -aG sudo user

If your machine haven't "sudo" utility, you need to install it:

apt update && apt install sudo -y

Logout and login with newly created user:

ssh user@your_servers_ip

Now remove root user's password:

sudo passwd -d root

PermitRootLogin no

sudo systemctl restart sshd.service

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

sudo sysctl -p

Install UFW utility for manage network access:

sudo apt install ufw -y

Add UFW rules for OpenSSH service to restricting access to your server:

sudo ufw allow from X.X.X.X to any port 22

Where X.X.X.X is your router's external address.

Enable UFW for autorun (when system started):

sudo ufw enable