Official Power Up Hosting Blog

Everything about Linux, Windows, and hosting ;)

Selvakumar
Author

I am an Online Marketer and technology lover. I like to learn new things and share that with people.

Share


Our Newsletter


Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Tags


Twitter


Official Power Up Hosting Blog

CentOS 6&7 - Initial Server Setup and Security Guide (For Beginners)

SelvakumarSelvakumar

A person who gets the VPS or Dedicated server for the first time does some mistakes.

Those mistakes lead to troubles in installing software, security threats and Data Loss.

To avoid those situations, you have to make some changes in the server configurations.

You might be one of the people who do the mistake in configuring the server.

You May ask,

"Why should I need initial server setup for my server?"

The Answer is simple.

It is to make your server secure and suitable to work as a web server.

In this tutorial i am going to show you the initial server setup for Servers running on CentOS 6.

I will cover the initial server setup guide for CentOS 7 later in this article.

centos initial server setup

Here are the required steps for initial server setup for CentOS 6 server.

  1. Logging into the Root Server
  2. Creating a new user in CentOS
  3. Grant the user with Root Privileges
  4. Add Public Key Authentication
  5. Configuring SSH Daemon

How to login to CentOS from Local Machine

If you are Linux User, you can login to the remote server from local terminal.

But:

If you are a windows user, you need to install PuTTY software to access the remote server.

To Login to the Remote server, you will need two things.

-> The Remote Server's Public IP address

->The Root Password( If you have non-root user, then you need the user name to log in)

For Linux Users:

Open your terminal and log in to the remote host using the IP address and mention the root as the user.

local$ ssh root@server_IP_address

A warning will arise about connecting with the unknown remote host if you are logging into the server for the first time.

Accept that warning about the Host Authenticity and you will be prompted to enter the root password.

For the First time Login:

Enter the root password and you will be logged in.

If you are logging in for the first time, you have to change the password. Use the below command to change the password.

passwd

CentOS will notify you regarding the password weakness.

But:

It wont prevent you from setting simple passwords.

Set your password stronger to secure the server.

Next time when you login to the server, you can use the newly created password.

For Windows User:

If you have local desktop running on Windows OS, then you have to download and install the PuTTY.

Open the PuTTY and enter your server IP address and port number (22)

Click on Open.

After that, you have to enter the user name.

If the username is correct, you will be prompted to SEO tools for Optimizing wordpress site.

Enter the password and login to the server.

In CentOS, changing user password is necessary.

Use the command below to change password.

$ passwd

If you are logging in for the first time, then follow the above instructions.

Why should you use a non root user?

Root user in the CentOS has all the privileges and it is very powerful to use.

If you make any changes by mistake, it can even destroy your server.

That is why we are always going for a non-root user with sudo privileges which is good enough to do tasks.

We are going to create a new user and provide the user with root privileges.

First create a new user from root user.

/usr/sbin/adduser demo

Create the password for that user.

passwd demo

How to give Root permission to user in CentOS

Once you created the user, you have to give root privileges.

To do that open the sudo configuration.

/usr/sbin/visudo

You can see the following lines.

# User privilege specification
root    ALL=(ALL)       ALL

Add the following lines in the configuration file.

demo    ALL=(ALL)       ALL

After that Press Escape, w,q. Then press enter to save and exit the file.

How to configure SSH in CentOS 6

We are going to take one more step to make the server more secure by altering the configuration file.

Open the SSH configuration file using vi editor.

sudo vi /etc/ssh/sshd_config

Make the changes in parameter as it is given.

Port 25000
Protocol 2
PermitRootLogin no
UseDNS no

Here, Let me explain about the changes.

Port: The default port number is 22 and it is known to all. People may try access your server when they know the IP.

You have to change the port number from 1025 to 65535.

So, it will become harder to guess for hackers and your server also responds for login access only at this port.

Permit Root Login: Since the default user for any system is root, the hacker will try to access the root login with random passwords.

When you prevent the remote root login, the hacker can't access it and they dont know other user name we use to access the server.

Add the following line in the at the bottom of the file.

AllowUsers demo

Replace the demo with user name.

Save and exit the file.

Reload the SSH

Reload the SSH to make the changes to take effect.

service sshd reload

Now, Let us test the configuration.

ssh -p 25000 demo@123.45.67.890

Here, you have to mention the port number to access the server.

The prompt will look like below.

[demo@yourname ~]$

People who are providing wrong port number will be denied for access. It makes the hacking hard for anyone.

We have seen the initial server setup for CentOS 6, now let us see the server setup for CentOS 7.

CentOS7 Initial Server Setup

Root Login:

Root Login is same as CentOS 6 for CentOS 7.

You need to have server IP address and root password to access the server.

For Linux Users:

If you are Linux user follow the below command to access the root server from your terminal.

local$ ssh root@SERVER_IP_ADDRESS

By Mentioning root as the user name with IP address in the command, you can access the server.

Accept the warning about the host authenticity. You will be prompted to enter the password.

If you are logging into the server for the first time, then you have to change the password.

For Windows Users:

If you are using windows to access your server, then you need to install a software called PuTTY.

Enter the default port number and IP address of the server and click on Open.

Accept the host authenticity warning to enter the server.

Enter the root password and if you are logging in the server for the first time, you have to change the password.

How to create a new user in centOS 7

You should not use root user to access the server and make changes in the server.

You have to create a new user and give it with root privileges.

Root is most privileged user so that you can do anything with the root.

The changes you have made by mistake could destruct the server.

So, it is always necessary to create a new user and grant them with root privileges.

You have to use CentOS useradd command to add a new user.

# adduser selva

Now, Assign the password to the user.

# passwd ****

If you want to list all users in CentOS, List users command will be helpful for you.

$ cut -d: -f1 /etc/passwd

It will list all the local users in CentOS.

Grant Root Privileges

Once you created a user, your have to give root privileges to the user.

In CentOS, add users to sudoers is simple.

To make normal user as super user, you have to add them in the wheel group in CentOS.

The user in this group can use the sudo command.

# gpasswd -a selva wheel

Execute the above command to grant the user with sudo privileges.

Install SSH in CentOS 7

Adding Public Key authentication is the best way to improve the server security.

To generate the public and private key pair on your machine, execute the following command on your local machine.

local$ ssh-keygen

You will get the following output.

ssh-keygen output
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/localuser /.ssh/id_rsa):

Press Enter to accept the path and file.

Now:

You will be asked to enter the paraphrase. You can skip it.

If you enter the paraphrase, you will also need that while entering private key to login to the server.

Adding Paraphrase the improves the security.

But:

The public key authentication is also giving enough security to the server.

Now we have to add the public key to the server.

There are two ways to add the public key to the server.

  1. Using copy SSH-COPY-ID
  2. Add the Key to the server manually.

First let us see the Copy SSH-Copy-ID method.

1) Use SSH Copy Id

You need to have ssh-copy-id script installed on your server.

Execute the below command by replacing the user name and IP address.

local$ ssh-copy-id selva@SERVER_IP_ADDRESS

This command will install the public key on the server.

You will be prompted to enter password and the public key will be installed on the remote server at .ssh/authorized_keys.

2) Add the key to the server Manually

In your local terminal, execute the following command.

local$ cat ~/.ssh/id_rsa.pub

The above command will publish the public key

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAmPJbTWDoyL1qP13sxcezFjWhiz0NM8BdDlSREkxCjLfcYBvVrRr2bQpvbF7opmmbknfnFoAIBmoEPjQr9O9w+kCu+awgbMsOw3C7ucy8seX2m5xIwWb/LNTZIL9FhZVFv7A/+Dpub5eFBxisiZwCWyVYoZzRxbUF3lrLPFEMiYQrUJE0WKf0uN+BVoVDGAOfnQw/j2x+dWMV7BY0xMDE2U6+kO3N7akqPULuPefi1y4S2gCxyOjy7kl1SOo59oHpdlHYUAtGlOPLDYZ1w5d/8KDb3ucm+SnC+p6TTiDDmQMLDa2Teir0krabohhQx4URkiRi4T2BXI5EbN7yoLWYuw== rsa-key-20170516

Copy the Key to your clipboard.

Login to the remote server as sudo non root user.

Create .ssh directory and set the permission.

mkdir .ssh
chmod 700 .ssh

Now:

Open a file called authorized_keys in the with the vi text editor.

$vi .ssh/authorized_keys

Press i to enter the insert mode and past the public key from the clipboard.

After that hit Esc to come out from insert mode and then press x.

Save and exit file.

Change the permission for the file using the following command.

$ chmod 600 .ssh/authorized_keys

Execute the below command to exit from the non root user and return to root login.

Thats all. Now you can use Private Key to access the remote server.

Our next step is to configure the SSH Daemon.

Configuring SSH Daemon

We have already created an account to access the remote server.

Here, We are going to take one more step to secure our server.

Let us make a modification in the SSH configuration to disable the Remote SSH login for root user.

Opening the configuration file using vi editor

# vi /etc/ssh/sshd_config

Find the below lines in the configuration file.

                /etc/ssh/sshd_config (before)
#PermitRootLogin yes

The above line in the configuration file allows Remote Root Login.

Since we have an normal user account with user privileges, we can disable the remote root login and access the server from the normal user account.

Change the word Yes to No.

                 /etc/ssh/sshd_config (after)
PermitRootLogin no

Now, Save and Exit the file.

To make the changes take effect, we have to restart the SSH service.

In CentOS 7, Restart SSHD is very easy.

Execute the below command to restart the SSH service.

# systemctl reload sshd

Before exiting the remote server, we have test the configuration whether they are working perfectly.

Because you should not end up in trouble if anything goes wrong.

Now:

Open a new terminal and login to the server as a non root userwe have created with sudo privileges.

 local$ ssh selva@SERVER_IP_ADDRESS

Replace the username and IP address with the corresponding credentials.

If you have changed the port number of the remote server, dont forget to mention that in the command.

Once you logged into the server, try to run the commands with administrator privileges using sudo.

Any command should work in this format.

$ sudo command_to_run

If everything works well, then you can exit from server.

$exit

Conclusion:

Here in this article you have learned the initial Server Setup for both CentOS 6 and CentOS 7. In that you have seen the

  • How to create a new user in CentOS.
  • How to Grant sudo Privileges to the new user.
  • How to Add Public Key authentication in CentOS.
  • How to Configure the SSH Daemon.

Configuring CentOS is somewhat similar to other Linux operating systems. The commands also differs a little bit.

Follow the security precautions we have mentioned in here.

Because it is always very critical to protect a server from the threat.

Some basic changes in the server configuration can give good protection.

If you still have doubts regarding the Initial Server Setup configuration for CentOS, just leave that in the command and we will help you.

Selvakumar
Author

Selvakumar

I am an Online Marketer and technology lover. I like to learn new things and share that with people.

Comments