Hetzner VPS Setup

By matsjfunke

2024-12-20

Introduction

This is a comprehensive guide to setting up a Virtual Private Server (VPS) on Hetzner Cloud. Simply follow the steps from start to finish to ensure a smooth setup process. It covers everything from creating a server, setting up SSH access, configuring firewalls, managing users, and transferring files. By the end of this guide, you will have a fully operational VPS tailored to your project's needs.

Go to hetzner cloud

  • add server
  • select server components:
    • Location
    • Operating system
    • CPU cores & type
    • RAM
    • Storage

Setup SSH

  1. generate ssh-key in you terminal
cd ~/.ssh

ssh-keygen -t ed25519

Enter file in which to save the key (/path/to/your/.ssh/id_ed25519): <project-name>

Enter passphrase (empty for no passphrase): <CR> or enter any passphrase
  1. add pbulic key to hetzner

copy the public key and paste into field hetzner console

cat ~/.ssh/project-name.pub
  1. give permission to read privatekey-file
chmod 400 ~/.ssh/<project-name>

Add firewall on Hetzner dashboard

1. Click "Add Rule" ("Regel hinzufügen") and create the following rules:

SSH Access

  • Source IP: Any IPv4, Any IPv6
  • Protocol: TCP
  • Port: 22

HTTP Access

  • Source IP: Any IPv4, Any IPv6
  • Protocol: TCP
  • Port: 80

HTTPS Access

  • Source IP: Any IPv4, Any IPv6
  • Protocol: TCP
  • Port: 443

2. Verify that:

  • All rules show as active
  • Status shows "Vollständig angewendet" (Fully applied)
  • Rules are applied to the selected resource ("Angewendet auf 1 Ressource")

Name server

choose a descriptive name fitting your project

Connenct to server via ssh

  • copy server IPv4 address from hetzner server dashboard
ssh -i ~/.ssh/<project-name> root@<IPv4>

Update and upgrade system packages after first login

sudo apt update
sudo apt upgrade -y
sudo reboot

than ssh back into the server

User Management

  1. Create a non-root user with sudo privileges
adduser <username>

usermod -aG sudo <username>
  1. Copy SSH key for new user
mkdir -p /home/<username>/.ssh
cp ~/.ssh/authorized_keys /home/<username>/.ssh/
chown -R <username>:<username> /home/<username>/.ssh
chmod 700 /home/<username>/.ssh
chmod 600 /home/<username>/.ssh/authorized_keys
  1. Test sudo access with the new user:
su - <username>
# with new user run
sudo whoami  # Should return "root"
  1. After confirming everything works, you should update the SSH configuration to disable root login:
sudo vim /etc/ssh/sshd_config

Change or add these lines:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
  1. Restart the SSH service:
sudo systemctl restart ssh
  1. Test new SSH connection in a new terminal window before logging out:
ssh -i ~/.ssh/<project-name> <username>@<IPv4>

File transfer / management setup

either git or rsync

  1. git
sudo apt install git -y
# now generate an access token on github, done
git clone https://<token>@github.com/your-username/your-repo.git
git pull https://<token>@github.com/your-username/your-repo.git
  1. rsync
sudo apt install rsync -y

Use rsync on your maschine to send to server

rsync -avz /source/directory/ <username>@<IPv4>:directory/