Activating a new service and your first login

What should you do after your hosting or VPS service is activated? A guide to finding your access details, your first login via SSH and the control panel, and securely changing the default password.

1 min Updated 21 Jul 2026

The moment the "service activation" email lands in your inbox, the most important 30 minutes of that service's life have begun. Most breaches that happen in the first week are caused not by sophisticated vulnerabilities, but by an unchanged default password or an insecure login. In this guide, you'll see step by step where to find your access details, how to perform your first login to a shared hosting account or VPS, and how to change the default password the right way.

What Information Do You Receive After Service Activation?

After completing payment and service activation, you'll usually receive an email with a subject like "Your Service Information." Before doing anything else, find the following items in it and store them somewhere secure (preferably a password manager like Bitwarden or KeePass):

  • Service IP address — for example, 185.xx.xx.10. Until your domain's DNS is configured, you'll work with this IP.
  • Username — on shared hosting this is usually a dedicated username (like example1), while on a VPS it's most often root.
  • Initial password — a password generated automatically by the system that must be changed on first login.
  • Control panel address — usually https://IP:2083 for cPanel and https://IP:2222 for DirectAdmin.
  • Nameservers — two addresses like ns1.example-host.com that you'll later enter in your domain settings.

If you can't find the email, check your Spam folder and then log in to your client area; in most management panels (including the ServerNet client area), the same information is also displayed on the service details page.

First Login to Shared Hosting (cPanel and DirectAdmin)

On shared hosting, you log in through your browser. Enter the control panel address exactly as it appears in the email:

https://185.xx.xx.10:2083     (cPanel)
https://185.xx.xx.10:2222     (DirectAdmin)

Two important points at this stage:

  • An SSL warning is normal. Because you're still logging in with the IP rather than the domain, the browser may show an "invalid certificate" error. Until the domain is connected and a certificate is issued, this warning is expected and you can proceed temporarily.
  • Don't type the password; copy it. Generated passwords contain characters like l, I, and 1 that are easily misread.

Immediately after logging in, change your password: in cPanel, go to Preferences → Password & Security, and in DirectAdmin use the Change Password option. Choose a password of at least 16 characters combining letters, numbers, and symbols — the best approach is to let your password manager generate it.

Common Mistake: Copying the Password with an Extra Space

The most common cause of a "Login Failed" error on first login is a space or newline character being copied at the beginning or end of the password, especially when the password is copied from an email. First paste the password into a plain text editor, remove any extra spaces, and then place it in the login form. Note that after 5 to 10 failed attempts, the server firewall (usually CSF) may temporarily block your IP; in that case, instead of trying again, open a support ticket.

First Login to a VPS via SSH

On a virtual private server (VPS), you log in via SSH. On Linux and macOS use the terminal, and on Windows 10 and later use PowerShell (no need for PuTTY):

ssh root@185.xx.xx.10

On the first connection, you'll see a message like this:

The authenticity of host '185.xx.xx.10' can't be established.
ED25519 key fingerprint is SHA256:Xy4b...
Are you sure you want to continue connecting (yes/no)?

This message is normal and means your system is seeing this server for the first time. Type yes to save the server's fingerprint. If this same message appears again later (without the server having been reinstalled), take it seriously; it may be a sign of a security problem in the communication path.

Changing the Default root Password

The first command you run after logging in should be this:

passwd

You'll enter the new password twice. Note that when typing a password in Linux, no characters (not even asterisks) are displayed — this behavior is normal, and many new users think their keyboard isn't working.

One Step Further: SSH Keys Instead of a Password

A password, no matter how strong, is a constant target for brute-force attacks; on a fresh server, hundreds of automated login attempts are typically logged within the very first 24 hours. The standard solution is key-based login. Run this on your own machine (not the server):

ssh-keygen -t ed25519 -C "my-laptop"
ssh-copy-id root@185.xx.xx.10

Once you've confirmed that key-based login works, disable password login. Edit the /etc/ssh/sshd_config file:

PasswordAuthentication no
PermitRootLogin prohibit-password

And reload the service:

systemctl reload sshd

Important warning: Before closing your current terminal, test the key-based connection in a new window. If the configuration is wrong and you've closed the previous terminal, you'll lose access and will need to use the VNC console in the client area to fix it.

Connecting Your Domain After Service Activation

Once your login is secured, it's time to connect your domain. There are two common approaches:

  1. Using the host's nameservers: In your domain management panel (wherever you registered the domain), change the nameservers to the values from the activation email, for example ns1.example-host.com and ns2.example-host.com.
  2. Using an A record: If your domain's DNS is managed elsewhere, just add an A record pointing to the service IP:
example.com.      3600  IN  A     185.xx.xx.10
www.example.com.  3600  IN  A     185.xx.xx.10

DNS propagation usually takes anywhere from a few minutes to a few hours (depending on the previous TTL of the records, up to 48 hours in the worst case). To check the status:

dig +short example.com A

If the output matches your service's IP, the connection is established and you can issue a free SSL certificate (Let's Encrypt) from within the control panel. Before DNS propagation is complete, certificate issuance will fail — this is also one of the most frequent support questions.

The First 30-Minute Checklist

To sum up, after service activation, complete these seven steps in order:

  • Find the activation email and save the details in your password manager.
  • Perform your first login using the IP (control panel or SSH).
  • Change the default password immediately with passwd or from within the panel.
  • On a VPS, create an SSH key and disable password login.
  • Update the operating system: apt update && apt upgrade -y (Ubuntu/Debian).
  • Connect your domain via nameservers or an A record and verify with dig.
  • After DNS propagation, issue an SSL certificate.

This half-hour investment prevents the most common incidents of the first weeks — from getting locked out behind the firewall to breaches via default passwords. If you run into a problem at any step, before repeated attempts (which may get your IP blocked), note down the error log or the exact message text; that single sentence noticeably shortens support response time.

Was this page helpful?