[Mashiro]

There are a few things I do initially when I setup a new VPS.

• I setup SSH public-private key authentication, install my public keys, test the setup and after that I fully disable SSH password authentication and other methods.
  
• I also change the SSH port from 22 to a different port above 1024 while doing the step above.
  
• After the SSH port was changed and SSH public-private key authentication was successfully setup I run a update cycle to have the latest packages and a up to date OS.
  
• I perform a small cleanup and remove unnecessary packages to get a bit of disk space back (OpenVZ templates usually come with services like Apache and etc preinstalled even when one might not need them).
  
• And at the end I usually install misc packages like htop, nano, tmux and others that I might need to work and set them up afterwards.
  
• The grand but rather optional finale is that I would setup a strict firewall that blocks everything and only excludes certain ports such as SSH and etc. I usually write shell script for that and put it somewhere into the startup.
  

That's my checklist although I'm mostly too lazy for the last step because it includes a lot of maintenance work afterwards. For further projects, applications and etc ports have to be unlocked and everything always has to be tested.