First Login And Baseline Hardening

Connect securely, update the server, and apply baseline protections after first boot.

Category: Post-Deploy Setup
Prerequisites
  • Server is running and has reachable public IP.
  • You have valid SSH key or server password.
  • Firewall policy for SSH and required app ports is planned.
Steps
  1. Connect to the server via SSH or console from dashboard.
  2. Rotate default credentials immediately if password-based login is enabled.
  3. Update all system packages to latest stable patches.
  4. Set hostname and timezone so logs and monitoring are consistent.
  5. Create or verify a non-root admin user and limit direct root access.
  6. Allow only required inbound ports in firewall or security group.
  7. Install baseline tooling such as fail2ban, monitoring agent, or logging agent.
Verification
  • SSH login works with intended user and access method.
  • System package manager reports no pending critical updates.
  • Firewall rules match expected ports and deny unnecessary ingress.
Common Mistakes
  • Leaving root login open to password authentication.
  • Applying firewall rule changes without testing current SSH session.
  • Skipping package updates before exposing app services publicly.
Next: Manage Server Day-to-Day