Back to Compendiums

Hetzner VPS Setup

by matsjfunke

Introduction

This is a comprehensive guide to setting up a Virtual Private Server (VPS) on Hetzner Cloud. Simply follow the steps from start to finish to ensure a smooth setup process. It covers everything from creating a server, setting up SSH access, configuring firewalls, managing users, and transferring files. By the end of this guide, you will have a fully operational VPS tailored to your project's needs.

Go to hetzner cloud

  • add server
  • select server components:
    • Location
    • Operating system
    • CPU cores & type
    • RAM
    • Storage

Setup SSH

1. generate ssh-key in you terminal

bash
1cd ~/.ssh
2
3ssh-keygen -t ed25519
4
5Enter file in which to save the key (/path/to/your/.ssh/id_ed25519): <project-name>
6
7Enter passphrase (empty for no passphrase): <CR> or enter any passphrase
8

2. add pbulic key to hetzner

copy the public key and paste into field hetzner console

bash
1cat ~/.ssh/project-name.pub
2

3. give permission to read privatekey-file

bash
1chmod 400 ~/.ssh/<project-name>
2

Add firewall on Hetzner dashboard

1. Click "Add Rule" ("Regel hinzufügen") and create the following rules:

SSH Access

  • Source IP: Any IPv4, Any IPv6
  • Protocol: TCP
  • Port: 22

HTTP Access

  • Source IP: Any IPv4, Any IPv6
  • Protocol: TCP
  • Port: 80

HTTPS Access

  • Source IP: Any IPv4, Any IPv6
  • Protocol: TCP
  • Port: 443

2. Verify that:

  • All rules show as active
  • Status shows "Vollständig angewendet" (Fully applied)
  • Rules are applied to the selected resource ("Angewendet auf 1 Ressource")

Name server

choose a descriptive name fitting your project

Connenct to server via ssh

  • copy server IPv4 address from hetzner server dashboard
bash
1ssh -i ~/.ssh/<project-name> root@<IPv4>
2

Update and upgrade system packages after first login

bash
1sudo apt update
2sudo apt upgrade -y
3sudo reboot
4

than ssh back into the server

User Management

1. Create a non-root user with sudo privileges

bash
1adduser <username>
2
3usermod -aG sudo <username>
4

2. Copy SSH key for new user

bash
1mkdir -p /home/<username>/.ssh
2cp ~/.ssh/authorized_keys /home/<username>/.ssh/
3chown -R <username>:<username> /home/<username>/.ssh
4chmod 700 /home/<username>/.ssh
5chmod 600 /home/<username>/.ssh/authorized_keys
6

3. Test sudo access with the new user:

bash
1su - <username>
2# with new user run
3sudo whoami  # Should return "root"
4

4. After confirming everything works, you should update the SSH configuration to disable root login:

bash
1sudo vim /etc/ssh/sshd_config
2

Change or add these lines:

bash
1PermitRootLogin no
2PasswordAuthentication no
3PubkeyAuthentication yes
4

5. Restart the SSH service:

bash
1sudo systemctl restart ssh
2

6. Test new SSH connection in a new terminal window before logging out:

bash
1ssh -i ~/.ssh/<project-name> <username>@<IPv4>
2

File transfer / management setup

either git or rsync

1. git

bash
1sudo apt install git -y
2# now generate an access token on github, done
3git clone https://<token>@github.com/your-username/your-repo.git
4git pull https://<token>@github.com/your-username/your-repo.git
5

2. rsync

bash
1sudo apt install rsync -y
2

Use rsync on your maschine to send to server

bash
1rsync -avz /source/directory/ <username>@<IPv4>:directory/
2