Debian Server Installation and Basic Configuration Guide

As of February 2026, the current stable release of Debian is Debian 13 “trixie” (latest point release: 13.3, January 2026). This guide focuses on installing a minimal, headless server edition using the netinst (network installation) image — the most efficient choice for servers.

This approach downloads only essential packages during setup and keeps the system lightweight, secure, and optimized for long-term server use (web servers, databases, containers, file servers, etc.).

1. Preparation

• Hardware requirements (minimal server):
  • 64-bit CPU (amd64 recommended; arm64, riscv64, etc., also supported)
  • ≥ 1 GB RAM (2–4 GB recommended for comfort)
  • ≥ 10–20 GB disk space
  • Internet connection (wired Ethernet strongly preferred during install)
• Download the netinst ISO Go to: https://www.debian.org/distrib/netinst Select the small installation image for your architecture (usually amd64): Example direct link pattern: https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-13.3.0-amd64-netinst.iso
• Create bootable media
  • USB stick (≥ 1 GB): Use tools like Rufus (Windows), balenaEtcher, dd (Linux/macOS), or Fedora Media Writer.
  • Verify the ISO checksum (SHA512SUMS file is on the same download page).
• BIOS/UEFI settings
  • Enable UEFI mode if your system uses it (most modern servers do).
  • Disable Secure Boot (or enroll Debian keys if you want to keep it).
  • Set boot order to USB first.

2. Installation Process (Step-by-Step)

Boot from the USB. The Debian Installer (graphical or text-based) starts.

1. Select language, location, keyboard → Choose English (United States) or your preference. → Locale and keyboard layout.

2. Configure the network → Most servers use DHCP → auto-configures. → If static IP needed: enter manually (IP, netmask, gateway, DNS). Very important for netinst — installer downloads packages over the internet.

3. Set hostname → Example: myserver, web01, db-prod-01 → Avoid spaces/special characters.

4. Domain name (optional) → e.g., example.local or leave blank for simple setups.

5. Root password → Set a strong password for the root account. → (You can later disable direct root login and use sudo.)

6. Create a standard user account → Full name: e.g., “Admin User” → Username: e.g., admin or your name → Strong password → This user will be added to the sudo group automatically.

7. Disk partitioning For servers, choose one of these (recommended for simplicity and reliability):

   Option	Best for	Notes
   Guided – use entire disk	Most servers	Creates / + small /boot + swap
   Guided – use entire disk and set up LVM	Production servers needing snapshots	Recommended – easier future resizing & backups
   Guided – use entire disk and set up encrypted LVM	Security-sensitive servers	Full disk encryption (LUKS) – passphrase required at boot
   Manual	Advanced / custom layouts	e.g., separate /var, /home, /tmp partitions

   → For most servers: Guided – use entire disk and set up LVM → Write changes to disk when prompted

8. Software selection (crucial for server) → Uncheck everything except:

   • Debian desktop environment → do NOT select (no GUI needed)
   • … GNOME / XFCE / etc. → skip
   • SSH server → highly recommended (installs OpenSSH)
   • standard system utilities → keep checked

   → This keeps the install minimal (~400–700 MB installed).

9. Package manager mirror → Choose a country → select a mirror (or use deb.debian.org for global anycast). → Proxy: usually none.

10. Participate in popularity contest? → No (privacy) or Yes (helps Debian).

11. GRUB boot loader → Yes, install to primary drive (/dev/sda or equivalent).

12. Finish installation → Reboot (remove USB).

3. First Boot & Basic Post-Installation Configuration

Log in as your standard user (or root).

Update the system immediately:

sudo apt update
sudo apt upgrade -y
sudo apt install sudo locales vim htop curl wget net-tools -y

• Enable sudo for your user (if not already)

# As root or with temporary root access
usermod -aG sudo yourusername

• Better locale (if needed)

sudo dpkg-reconfigure locales
# Select en_US.UTF-8 UTF-8 (or your language)
sudo locale-gen

• Set timezone

sudo dpkg-reconfigure tzdata

• Secure SSH (very important for servers)

Edit /etc/ssh/sshd_config:

sudo nano /etc/ssh/sshd_config

Recommended changes:

PermitRootLogin no                    # or prohibit-password
PasswordAuthentication no             # after setting up keys
PubkeyAuthentication yes
MaxAuthTries 3
LoginGraceTime 30

Then:

sudo systemctl restart ssh

• Set up SSH key authentication (from your client machine)

# On your local computer
ssh-keygen -t ed25519
ssh-copy-id yourusername@server-ip

• Firewall (use ufw – simple)

sudo apt install ufw -y
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status

• Automatic security updates (strongly recommended)

sudo apt install unattended-upgrades apt-listchanges -y
sudo dpkg-reconfigure --priority=low unattended-upgrades
# Answer Yes to automatic updates

4. Recommended Next Steps for a Server

• Install fail2ban → brute-force protection sudo apt install fail2ban -y
• Set up NTP time sync (usually already active via systemd-timesyncd)
• Create swap file if RAM is low (e.g., 2–4 GB)

sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
# Make permanent
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

• Monitor logs: journalctl -u ssh, tail -f /var/log/auth.log
• Backup critical files: /etc, /home, databases

Debian servers are designed to run for 5+ years with minimal intervention — focus on security hardening, monitoring (prometheus/node-exporter, netdata), and regular apt update && apt upgrade.