VPS for Beginners: Your Guide to Choosing and Securing

Many of you want to host your own projects online, run Docker applications, or perhaps operate a game server. For that, you need a server, and a VPS (Virtual Private Server) is often the perfect starting point.

What is a VPS and why do you need one?

A Virtual Private Server (VPS) is essentially a virtual server running on a physical machine, but it provides you with dedicated resources (CPU, RAM, storage). Unlike shared hosting, a VPS gives you more control and performance. This is ideal for:

Your own websites and applications: Host your projects with full control.
Docker containers: Run isolated applications.
Game servers: Start your own gaming community (for example, with OpenTTD).
VPN server: Create your own private network.
Development environments: Test software in a controlled environment.
Tunneling into your home network: Secure connections to your home, e.g., with Pangolin.

Choosing the Right VPS Provider: What to Look For?

Selecting a VPS provider can be overwhelming, as there are countless options. I’ll introduce a few well-known ones here and what you should generally look for.

Well-Known Providers (Examples)

Netcup

Netcup is a German web hosting provider and domain registrar known for its good price-performance ratio for VPS (Virtual Private Servers) and root servers. The company emphasizes transparent pricing and offers a wide range of server configurations for different needs, from small web projects to resource-intensive applications.

Affiliate vouchers are available here. Example (5 EUR): 36nc16172088230 Redeem here

* Vouchers do not apply to domains. I receive a commission if you use the voucher, at no disadvantage to you.

Hetzner

Hetzner Online is a German web hosting provider and data center operator, internationally known for its high-performance and cost-effective dedicated servers, cloud servers (VPS), and colocation services. The company is characterized by modern infrastructure, transparent pricing, and a focus on technical users.

Affiliate link with starting credit: Click Here

Credit only for new customers who create a new account via the link. I receive a commission if you use the link, at no disadvantage to you.

RackNerd

RackNerd is a web hosting service provider specializing in dedicated servers, VPS (Virtual Private Servers), colocation, and shared hosting. The company is known for its competitive pricing and a wide range of server configurations tailored to the needs of various customer groups.

* I receive a commission if you use the link, at no disadvantage to you.

Contabo

Contabo is a German web hosting service provider known for its very aggressively priced VPS (Virtual Private Servers) and dedicated servers. The company has made a name for itself by often offering significantly more RAM and CPU cores for the price than many competitors. They have a global presence with data centers in Europe, the USA, Asia, and Australia.

OVHcloud

OVHcloud is a global cloud computing provider headquartered in France. The company offers a wide range of services, including dedicated servers, public and private cloud solutions, web hosting, and VPS (Virtual Private Servers). OVHcloud is known for its extensive proprietary infrastructure, including a global fiber optic network and numerous data centers worldwide.

Hostinger

Hostinger is an international web hosting provider known for its affordable hosting solutions, including VPS (Virtual Private Servers). The company targets both beginners and advanced users, emphasizing user-friendliness and good value for money.

Ionos by 1&1

IONOS is a large, internationally active web hosting and cloud service provider with German roots (part of the United Internet Group). The company offers a very broad range of services for private customers, self-employed individuals, and businesses, including domain registration, email services, website builders, shared hosting, dedicated servers, and also VPS (Virtual Private Servers).

Kamatera

Kamatera is a global cloud service provider specializing in flexible and scalable cloud infrastructure solutions, including VPS (Virtual Private Servers), cloud servers, block storage, and managed cloud services. The company is known for its highly customizable server configurations and a pay-as-you-go pricing model.

Important Selection Criteria

Price: Small VPS are available for just a few euros/dollars per month. Consider what you need and what you’re willing to spend.
Specifications (CPU, RAM, Storage, Traffic):
- How much performance do you need? For small websites or a few Docker containers, 1-2 CPU cores and 1-2 GB of RAM are often sufficient.
- CPU Cores: Not all CPU cores are created equal. Performance depends on the underlying hardware and the load from other users.
- RAM: Similar to CPU, speed can vary.
- Storage: SSDs (NVMe is faster) are standard. Consider how much space you need.
- Traffic: Unlimited with some providers, while others have limits. For most beginner projects, standard limits are usually enough.
Operating System (OS): A choice of common Linux distributions like Ubuntu or Debian should be available. I use Ubuntu for most of my tutorials. Check if your desired distribution or custom ISO files are supported.
Backup Options: Some providers offer paid backup solutions. Important: Always create your own backups, ideally following the 3-2-1 rule (see blog post on backups with Duplicati).
Support and Reviews: Read current reviews, especially if you’re unfamiliar with the provider. Well-known providers are often more reliable for important projects.

Example Comparison

This is a snapshot; prices and performance may vary or may have been incorrectly recorded by me.

Provider	Plan	CPU Cores	RAM (GB)	Storage (Capacity, Type)	Bandwidth (TB, Speed)	Primary Locations	Price (monthly, annually)
Netcup	VPS 1000 G11	4	8	256 GB, NVMe	Unlimited, can be throttled to 200 Mbit/s	Nuremberg (DE), Vienna (AT), Amsterdam (NL)	14.46 EUR, 94.20 EUR
Netcup	RS 1000 G11	4	8	256 GB, NVMe	Unlimited, 2.5 Gbit/s	Nuremberg (DE), Vienna (AT), Amsterdam (NL)	13.51 EUR, 135.84 EUR
Hetzner	CX32	4	8	80 GB, NVMe	20 TB, 500 Mbit/s	Falkenstein (DE), Nuremberg (DE), Helsinki (FI)	8.09 EUR, 97.08 EUR
Racknerd	KVM-4GB	4	4	130 GB, SSD	3 TB, 1 Gbit/s	USA	24.59 USD, 295.08 USD
IONOS	VPS M	2	4	120 GB, NVMe	Unlimited, 1 Gbit/s	Germany, United Kingdom, Spain	18.00 EUR, 84.00 EUR
Hostinger	KVM 2	2	8	100 GB, NVMe	8 TB, 1 Gbit/s	Germany, France, Lithuania, Netherlands	8.99 EUR, 95.88 EUR
Contabo	Cloud VPS 20	6	12	200 GB, SSD	32 TB, 300 Mbit/s	Germany, Europe	8.33 EUR, 84.96 EUR
DigitalOcean	General Purpose 8GB	2	8	25 GB, SSD	500 GB, 10Gbit/s	Worldwide	63.00 USD, 756.00 USD
Vultr	High Frequency 4GB	2	4	128 GB, NVMe	3 TB, 10Gbit/s	Worldwide	24.00 USD, 288.00 USD
Kamatera	General Purpose 4GB	2	4	40 GB, SSD	5 TB, 10Gbit/s	Worldwide	42.00 USD, 504 USD
Scaleway	Play2-Nano	2	4	80 GB, SSD	Unlimited, 1Gbit/s	Paris (FR), Amsterdam (NL), Warsaw (PL)	29.52 EUR, 354.24 EUR
OVHcloud	Comfort	4	8	160 GB, NVMe	Unlimited, 2Gbit/s	Gravelines (FR), Roubaix (FR), Strasbourg (FR), Limburg (DE), Warsaw (PL)	27.99 EUR, 293.55 EUR
Cloudzy	Advanced	2	4	120 GB	5 TB, 10Gbit/s	Utah (USA), Dallas (USA), Amsterdam (NL)	17.95 USD, 167.58 USD

Securing Your VPS Basics: Step-by-Step

For this tutorial, I’m using a server from Hetzner with Ubuntu 24.04 and a shared CPU. I’ve chosen the smallest server with a public IPv4 address in Nuremberg. I’ll note down the IP address; I’ll receive the access credentials (root password) via email.

Open a terminal (Linux/macOS) or PowerShell (Windows). If you’re using PuTTY, you can follow these steps in PuTTY. SSH should already be installed.

ssh root@YOUR_SERVER_IP_ADDRESS

The first time you connect, you’ll be asked if you want to confirm the server’s fingerprint. Type yes and press Enter. Then, enter the password you received via email. (Sometimes you might need to try a few times before it works).

Often, you’ll be immediately prompted to re-enter the current password and then set a new, strong password.

# Enter current password
# Enter new password
# Confirm new password

Step 2: Update the System

First and foremost: Keep your system up to date!

apt update && apt upgrade -y

This command updates the package lists (apt update) and then upgrades all installed packages (apt upgrade). The -y automatically confirms all prompts. This might take a moment.

Step 3: Create a New User (with sudo privileges)

Working directly as root is dangerous. A typo can have fatal consequences. We’ll create a regular user and give them sudo privileges to execute commands with root rights when needed.

adduser your_username # Replace your_username

You’ll be asked for a strong password for the new user and can enter optional information (usually not necessary).

Now, give the user sudo privileges:

usermod -aG sudo your_username

Check if the user is in the sudo group:

groups your_username
# Output should include "sudo" among others

Step 4: Secure SSH Access with Keys (instead of passwords)

Passwords can be guessed or cracked. SSH keys are significantly more secure.

How does it work? You generate a key pair:

Private key: Stays secret on your local computer.
Public key: Is copied to the server. When logging in, your computer identifies itself with the private key, and the server verifies this with the public key – without any password transmission.

4a. Generate a key pair on your local computer

On Linux, macOS, or Windows (with OpenSSH installed, often standard on Windows 10/11) in your local terminal:

ssh-keygen -t ed25519 -C "Comment_e.g._Hetzner_Server"

-t ed25519: Uses a modern, secure algorithm. Alternative: rsa -b 4096.
-C "Comment": An optional comment to identify the key.

You’ll be asked where to save the key (the default path is usually ~/.ssh/id_ed25519 – just press Enter) and can set a passphrase. I strongly recommend using a strong passphrase! It provides an additional layer of protection for your private key.

In the ~/.ssh/ directory (or %USERPROFILE%\.ssh\ on Windows), you’ll now find two files, e.g.:

id_ed25519 (private key – keep it secret!)
id_ed25519.pub (public key – this is the one we’ll copy)

Note for Windows users: If ssh-keygen doesn’t work, install OpenSSH or use tools like PuTTYgen.

4b. Copy the public key to the server

ssh your_username@YOUR_SERVER_IP_ADDRESS
# Enter the new user's password

Once logged in on the server:

# Create the .ssh directory if it doesn't exist
mkdir -p ~/.ssh

# Set the correct permissions for the directory
chmod 700 ~/.ssh

# Open the authorized_keys file for editing
nano ~/.ssh/authorized_keys

Now, copy the contents of your id_ed25519.pub file (from your local machine) as a single line into the authorized_keys file on the server.

Save the file in nano with Ctrl+O, Enter, and close with Ctrl+X.

Set the correct permissions for the file:

chmod 600 ~/.ssh/authorized_keys

Alternative: ssh-copy-id (from your local machine) If ssh-copy-id is available on your local system (you might need to install it, e.g., on Windows with choco install ssh-copy-id), you can copy the key more easily:

# Execute from your local machine:
ssh-copy-id -i ~/.ssh/id_ed25519.pub your_username@YOUR_SERVER_IP_ADDRESS
# You will be prompted for the password for "your_username" on the server.

This command handles creating .ssh and authorized_keys as well as setting permissions automatically. Sometimes there are issues with ssh-copy-id in Windows PowerShell; in that case, the manual method above is more reliable.

4c. Test the key login

Log out from the server:

exit

Now try to log in again from your local machine:

ssh your_username@YOUR_SERVER_IP_ADDRESS

If everything is set up correctly, you should now be prompted for the passphrase of your SSH key (if you set one) and not for the user password.

After key login works for your regular user, we can and should disable password login for SSH entirely.

sudo nano /etc/ssh/sshd_config
# Enter your user password (for sudo)

Find and change the following lines (remove # at the beginning of the line if present):

# Ensure this is set to yes
PubkeyAuthentication yes

# Disable password authentication
PasswordAuthentication no

# Forbid root login completely (or set to prohibit-password if root login via key is explicitly desired)
PermitRootLogin no

# Optional: Disable challenge-response authentication
# KbdInteractiveAuthentication no # Often already covered by PasswordAuthentication no

Important: Sometimes there are additional configuration files that might override these settings. Check the /etc/ssh/sshd_config.d/ folder. A common file is 50-cloud-init.conf.

sudo ls -l /etc/ssh/sshd_config.d/
# If a file like 50-cloud-init.conf exists there:
sudo nano /etc/ssh/sshd_config.d/50-cloud-init.conf

Ensure that PasswordAuthentication is also set to no here, or the line is commented out, so the main configuration takes effect.

Save the changes (Ctrl+O, Enter, Ctrl+X) and restart the SSH service:

sudo systemctl restart sshd # or sometimes "ssh" instead of "sshd"

VERY IMPORTANT: Open a new terminal window and try to log in before closing your current connection!

# In a NEW local terminal:
ssh your_username@YOUR_SERVER_IP_ADDRESS

If you can log in with your key (and passphrase, if applicable) and an attempt to log in with an incorrect password (or as root) fails, everything has worked.

Step 6: Set up a second SSH key

It’s a good idea to have a backup SSH key or a key for another device (e.g., your smartphone). Generate a new key on the other device and add its public part to the ~/.ssh/authorized_keys file on the server (each key on a new line). Apps like Termux (Android) or Blink Shell (iOS) support SSH keys.

Step 7: Set up a simple firewall (UFW)

A firewall controls incoming and outgoing network traffic. UFW (Uncomplicated Firewall) is easy to use.

Check if UFW is installed (it often is):

sudo ufw status
# If not installed: sudo apt update && sudo apt install ufw

First, let’s allow SSH traffic so we don’t lock ourselves out:

sudo ufw allow OpenSSH
# Alternatively, if OpenSSH is not known as an app:
# sudo ufw allow 22/tcp

If you want to run a web server (without Docker, which brings its own port rules):

sudo ufw allow http  # Port 80
sudo ufw allow https # Port 443

Enable the firewall:

sudo ufw enable
# Confirm with "y"

Check the status:

sudo ufw status verbose

You should see that the firewall is active and the allowed ports (e.g., 22/tcp) are listed. All other incoming connections are blocked by default.

Conclusion: The Foundation is Laid!

That was a quick rundown, but now you know how to choose your first VPS, log in for the first time, and apply basic security settings: system updates, a new user with sudo, SSH security via keys and disabling password login, and a simple firewall.

From here, you can start setting up Docker, configuring your web server, or whatever else you plan to do with your server.

I hope this post has helped you get your first VPS up and running securely. Good luck with your own server!

FAQs

Which Linux distribution should I choose as a beginner on a VPS?

Ubuntu and Debian are very beginner-friendly and have large communities as well as many online tutorials. Ubuntu is used in this tutorial and many others.

What do I do if I've locked myself out after SSH configuration?

Most VPS providers offer an emergency console (often called VNC or KVM console) through their web interface. This allows you to connect to the server even without SSH and fix configuration errors.

Do I really need an IPv4 address, or is IPv6 enough?

Although IPv6 is the future, not all internet users and services are reachable via it yet. For starters and for maximum compatibility, a dedicated IPv4 address is recommended, especially if you want to host services that should be accessible from anywhere.

How much does a VPS for beginners cost?

Simple VPS for small projects or for learning can be found for as little as a few euros/dollars per month (e.g., €2-5 / $2-5). More powerful servers with more RAM, CPU cores, and storage can cost €10-20 / $10-20 or more. Pay attention to contract durations and any setup fees.

Table of Contents