How to Install Ubuntu 26.04 LTS Server on a VPS and Perform Basic Setup
Ubuntu 26.04 LTS was released in April 2026 under the codename Resolute Raccoon. Like any LTS release, it is designed for long-term use — Canonical promises support until 2031, and with an Ubuntu Pro subscription, until 2036. For server infrastructure, that means five years of stable security updates without having to plan annual migrations.
An important nuance: most cloud providers at the time of the 26.04 release offer 24.04 LTS and 25.10 images, but not 26.04 directly. That is normal — Canonical has provided an official upgrade path, and it is well-tested. In this article, we will look at how to upgrade a server from 24.04 LTS or 25.10 to 26.04 LTS, and at the same time perform the basic security setup needed on any fresh or upgraded VPS.
What Is New in Ubuntu 26.04 LTS for Server Tasks
Before moving on to commands, it is worth understanding why upgrade at all. For server environments, 26.04 brought several significant changes.
OpenSSH has been updated to version 10.2p1. Support has been added for the post-quantum key exchange algorithm mlkem768x25519-sha256 — it is enabled by default and protects the connection even if sufficiently powerful quantum computers appear. Support for the weak DSA algorithm has been removed. The PerSourcePenalties option has appeared, which automatically blocks addresses that do not complete authentication. In addition, both service names now work — ssh.service and the alias sshd.service.
Chrony has replaced systemd-timesyncd. The new time synchronization daemon supports NTS (authenticated and encrypted NTP) and uses Ubuntu servers by default. When upgrading from 24.04, it must be installed separately — we will show how.
Key updates to the server stack: PostgreSQL has risen to version 18 with a new I/O subsystem (according to Canonical — up to three times faster when reading from disk), MySQL has been updated to 8.4 LTS, PHP to 8.5, and Django to 5.2 LTS. DocumentDB has appeared — a MongoDB-compatible database based on PostgreSQL. Valkey has been updated to 9.0.
sudo-rs and rust-coreutils. Starting with 26.04, sudo by default is the Rust implementation (sudo-rs), and the basic operating system utilities have also moved to Rust. For most tasks, you will not notice any difference, but it is worth knowing about if something behaves unexpectedly.
Linux kernel 7.0 with support for Intel Core Ultra Series 3, improved virtualization, and — importantly for servers — the real-time kernel is now available in the main archive without an Ubuntu Pro subscription.
cgroup v1 has been removed. If you have old configurations or containers tied to cgroup v1, you need to migrate them to cgroup v2 before upgrading.
Choosing the Starting Point: 24.04 LTS or 25.10
The path to 26.04 depends on which version you currently have. Ubuntu supports upgrading only from the previous release — you cannot jump from 22.04 straight to 26.04 with a single command.
| Current version | Upgrade path | You get changes from | Notes |
|---|---|---|---|
| 24.04 LTS | 24.04 → 26.04 directly | 24.10, 25.04, 25.10, 26.04 | Recommended path for production |
| 25.10 | 25.10 → 26.04 directly | Only changes in 26.04 | Minimal amount of change |
| 22.04 LTS | 22.04 → 24.04 → 26.04 | All intermediate releases | Two stages, more time |
If you are creating a VPS from scratch and the provider offers 24.04 — that is an excellent starting point. Canonical considers it the main “source” for upgrading to 26.04.
Step 0: Creating the VPS and First Connection
If you do not yet have a server — create one based on Ubuntu 24.04 LTS or 25.10. On VPS from Serverspace, the image is deployed in minutes: choose the configuration, operating system, set the root password or upload an SSH key — and the server is ready to use.
After startup, connect via SSH:
ssh root@The system will ask you to confirm the server key fingerprint — type yes. If you are connecting from Windows, use the built-in OpenSSH (available since Windows 10) or PuTTY.
Step 1: Preparing the System Before the Upgrade
Do not rush the upgrade command. A few minutes of preparation will save you from problems during the process.
Update all current packages to the latest versions. Upgrading a system on top of outdated packages is a common cause of conflicts:
apt update && apt upgrade -y && apt autoremove -yInstall the release-upgrade utility if it is not already installed:
apt install update-manager-core -yCheck whether upgrades are configured for LTS releases. Open the configuration file:
cat /etc/update-manager/release-upgradesThe output should contain the line Prompt=lts. If it says Prompt=never — change the value to lts using any text editor.
Take a snapshot or backup. Most providers allow you to create a disk snapshot directly from the control panel. Do this before upgrading — rollback will take minutes, not hours of recovery from backup.
Make sure there is enough disk space. The upgrade requires at least 2–3 GB of free space:
df -h /If you have less than 3 GB free — clear the package cache with apt clean.
Check compatibility with cgroup v2. In 26.04, cgroup v1 support has been completely removed. Make sure the system is already running on cgroup v2:
stat -fc %T /sys/fs/cgroupIf the answer is cgroup2fs — everything is fine. If you see tmpfs, the system is using cgroup v1 or hybrid mode, and you need to switch before upgrading.
Step 2: Starting the Upgrade to Ubuntu 26.04 LTS
On a VPS, it is best to run the upgrade in screen — if the connection is interrupted, the process will continue in the background:
apt install screen -y
screen -S upgradeNow start the upgrade wizard:
do-release-upgradeIf the upgrade is not yet available through the standard channel (this can happen in the first weeks after a release), add the -d flag:
do-release-upgrade -dIf the connection drops — reconnect and restore the session:
screen -r upgradeThe wizard will display a list of changes and ask for confirmation. After that, the process is mostly automatic, but it will require several answers about configuration files.
The most common question is — “The configuration file has been changed. Keep the current version or replace it?” For files you have edited (SSH, Nginx, MySQL, etc.), choose N (keep) to preserve your settings. You can view the difference with D directly in the dialogue — this helps you make an informed decision.
At the end, the wizard will ask about rebooting — agree. The server will come back up in a minute or two.
Step 3: Verification After the Upgrade
After reboot, connect via SSH and check the system version:
lsb_release -aThe output should show Ubuntu 26.04 LTS and Resolute Raccoon. Check the kernel:
uname -rThe kernel should be version 7.0 or newer. Make sure there are no “broken” dependencies left:
apt --fix-broken install
apt autoremove -y
apt cleanAfter upgrading from 24.04, the system will usually offer to remove several dozen obsolete packages — that is normal, confirm it. Also check the logs for errors:
journalctl -p err -bStep 4: Switching to Chrony (for those who upgraded from 24.04)
In 26.04, Chrony has replaced systemd-timesyncd as the main time synchronization daemon. When upgrading from 24.04, it needs to be installed manually:
apt-mark auto systemd-timesyncd
apt install chrony -yAfter installation, make sure synchronization works:
chronyc trackingThe output should contain a Reference ID line with the NTP server address and System time with a small deviation — units of milliseconds are considered normal.
Step 5: Basic Security Setup
Regardless of whether you upgraded the system or created a new VPS — the basic security settings are the same. Let’s go through them step by step.
Creating a User and Setting Up sudo
Working permanently as root is dangerous: any typo in a command is applied immediately and irreversibly. Create a regular user and add it to the sudo group:
adduser deploy
usermod -aG sudo deployCheck that sudo works — switch to the new user:
su - deploy
sudo whoamiIf root is returned — everything is configured correctly. Note: in 26.04, the sudo command is now handled by the sudo-rs implementation, and behavior for standard scenarios is identical to classic sudo.
Setting Up SSH Keys
Passwords for SSH login are a weak point. Keys are more reliable: without the private part, it is impossible to access the server, even knowing the password. If you do not yet have a key pair — generate it on your machine (not on the server):
ssh-keygen -t ed25519 -C "your@email.com
"The ed25519 algorithm is faster and more secure than old RSA. Copy the public key to the server:
ssh-copy-id deploy@If ssh-copy-id is unavailable (for example, on Windows) — manually add the contents of the file ~/.ssh/id_ed25519.pub to ~/.ssh/authorized_keys on the server:
mkdir -p ~/.ssh
echo "YOUR_PUBLIC_KEY" >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keysDisabling Password Login and Root Login
As soon as the keys are configured — disable password login. Open the SSH config:
sudo nano /etc/ssh/sshd_configFind and set the following parameters:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yesSave the file (Ctrl+O, then Ctrl+X) and restart SSH. In 26.04, both service names work:
sudo systemctl restart sshImportant: do not close your current session. Open a second terminal and make sure you can log in with the key — only after a successful check can you close the old window.
Configuring the UFW Firewall
First allow SSH, and only then enable the firewall — otherwise you risk locking yourself out:
sudo ufw allow OpenSSH
sudo ufw enableFor a web server, add ports 80 and 443:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcpCheck the status and the list of rules:
sudo ufw status verboseStep 6: Additional Settings
Two small steps that are often forgotten after an upgrade.
Time zone. By default, the server runs in UTC. If you need Moscow time:
sudo timedatectl set-timezone Europe/MoscowHostname. Helps distinguish servers when there are several:
sudo hostnamectl set-hostname my-serverWhat Else to Configure — Extended Checklist
| Task | Why it is needed | Tool |
|---|---|---|
| Automatic security updates | Patches are applied without manual intervention | unattended-upgrades |
| Protection against password guessing | Blocks IPs after several failed login attempts | fail2ban |
| Resource monitoring | Shows what is consuming CPU, RAM, disk | htop, glances |
| Database upgrades | PostgreSQL 18, MySQL 8.4 require separate steps for data | pg_upgradecluster, official guides |
| Backups | Recovery after failures and mistakes | rsync, provider snapshots |
| Checking System V scripts | systemd 259 is the last release with init-script support | Conversion to systemd unit files |
| Checking sudo-rs | Make sure it is compatible, especially when using LDAP | sudo --version |
Practical Use Cases for Ubuntu 26.04 LTS Server on a VPS
Web hosting and CMS. A server with Nginx, PHP 8.5, and a database is the standard stack for WordPress, Drupal, or any other PHP system. PHP 8.5 brought property hooks, the pipe operator, and an improved DOM API, which is noticeable in modern frameworks like Laravel and Symfony.
Backend for a web or mobile application. Python, Node.js, Go — all of this is easy to deploy on Ubuntu. With systemd 259, you can configure autostart and monitoring without additional tools. It is worth noting that systemd 259 in 26.04 is the last release with support for System V init scripts: if you have old init.d scripts, now is the time to convert them into unit files.
Databases. PostgreSQL 18 with the new I/O subsystem is suitable for heavily loaded projects — Canonical reports disk read acceleration of up to three times in some scenarios. MySQL 8.4 LTS, unlike 8.0, is supported long-term. If you need a MongoDB-compatible database — DocumentDB is now available directly from the Ubuntu repository.
AI/ML workloads. In 26.04, NVIDIA CUDA Toolkit and AMD ROCm 7.1.0 have been added to the official Ubuntu archive. If your VPS has a GPU — installing them is now easier than before: sudo apt install cuda-toolkit without additional third-party repositories.
Secure infrastructure. OpenSSL supports post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA), and OpenSSH uses the hybrid post-quantum key exchange mlkem768x25519-sha256 by default. For projects with higher security requirements, this is a noticeable step forward without any additional configuration on your side.
Common Mistakes and How to Avoid Them
Upgrading without a snapshot. If something goes wrong during the upgrade, reverting to a working state without a snapshot will be long and painful. Create a snapshot through the provider panel before starting — it takes a minute.
Not updating packages before upgrading. do-release-upgrade works better on a fully updated system. Run apt update && apt upgrade -y immediately before starting, even if you did it recently.
Running the upgrade without screen or tmux. An upgrade from 24.04 takes 20–40 minutes. If the SSH connection drops in the middle — the process will stop in an undefined state. Always use screen -S upgrade.
Replacing all configuration files with new versions. When the upgrade wizard offers to overwrite a modified configuration file — for everything you have edited (SSH, Nginx, PHP, MySQL), choose N to keep your version. If you are unsure — press D to view the diff directly in the dialogue.
Ignoring the removal of cgroup v1. Older versions of Docker, LXC, or some systemd units may depend on cgroup v1. Check this before upgrading: the command stat -fc %T /sys/fs/cgroup should return cgroup2fs.
Not configuring Chrony after upgrading from 24.04. After the upgrade, systemd-timesyncd will technically continue to work, but Chrony provides encrypted synchronization via NTS and keeps time more accurately. Installation takes a minute, and the difference is noticeable on servers with heavy network load.
Forgetting to check logs after the upgrade. A few hours after the update is a good time to browse the system journal:
journalctl -p err -bThis command shows only errors since the last boot — fast and to the point.
Conclusion
Upgrading a VPS to Ubuntu 26.04 LTS is not a one-time operation, but a deliberate move to a platform supported until 2031. From 24.04 LTS, the path takes one step: do-release-upgrade in a screen session, a few answers to configuration questions, a reboot — and the server is on the new system.
The key benefits for server tasks are out-of-the-box post-quantum SSH, Chrony with NTS encryption, PostgreSQL 18 with a redesigned I/O subsystem, PHP 8.5, MySQL 8.4 LTS, the real-time kernel without Ubuntu Pro, and official CUDA and ROCm support in the archive. For most projects, these are tangible improvements that come without extra effort after the upgrade.
Deploy Ubuntu 24.04 LTS on a VPS Serverspace — and within an hour you will have a ready-to-use 26.04 server with basic security configured.
Frequently Asked Questions
Only if the provider supplied a ready-made 26.04 image. If not — take 24.04 or 25.10 and upgrade with do-release-upgrade. This is the official and well-tested path.
For a production server — 24.04 LTS. It is more stable, supported longer, and the upgrade to 26.04 from it is well documented. 25.10 is an intermediate release, used if you need specific packages from a newer snapshot. Support for 25.10 ends in April 2026, so it is not worth staying on it for long.
From 25.10 — about 15–20 minutes. From 24.04 LTS — 30–40 minutes, sometimes longer on a slow connection. Most of the time is spent downloading packages; the installation itself is fast.
sudo-rs is the Rust implementation of sudo, which replaced the classic one by default in 26.04. For most scenarios it is fully compatible. If you used sudo-ldap — note: this package has been removed, and you need to switch to LDAP via PAM.
Yes. The packages will be updated to the new versions, but the data in the database remains in the old format. PostgreSQL requires an explicit run of pg_upgradecluster. MySQL 8.4 starts migration automatically, but for production it is better to make a dump before upgrading the system. Read the official documentation for your DBMS before starting the upgrade.
The first step is to check the logs: cat /var/log/dist-upgrade/main.log. Often the problem is “broken” dependencies — apt --fix-broken install fixes them, after which you can repeat do-release-upgrade. If the situation is serious — restore from the snapshot you made before upgrading.
