Those mistakes lead to troubles in installing software, security threats and Data Loss.
To avoid those situations, you have to make some changes in the server configurations.
You might be one of the people who do the mistake in configuring the server.
You May ask,
"Why should I need initial server setup for my server?"
The Answer is simple.
It is to make your server secure and suitable to work as a web server.
In this tutorial i am going to show you the initial server setup for Servers running on CentOS 6.
I will cover the initial server setup guide for CentOS 7 later in this article.
Here are the required steps for initial server setup for CentOS 6 server.
- Logging into the Root Server
- Creating a new user in CentOS
- Grant the user with Root Privileges
- Add Public Key Authentication
- Configuring SSH Daemon
How to login to CentOS from Local Machine
If you are Linux User, you can login to the remote server from local terminal.
If you are a windows user, you need to install PuTTY software to access the remote server.
To Login to the Remote server, you will need two things.
-> The Remote Server's Public IP address
->The Root Password( If you have non-root user, then you need the user name to log in)
For Linux Users:
Open your terminal and log in to the remote host using the IP address and mention the root as the user.
local$ ssh root@server_IP_address
A warning will arise about connecting with the unknown remote host if you are logging into the server for the first time.
Accept that warning about the Host Authenticity and you will be prompted to enter the root password.
For the First time Login:
Enter the root password and you will be logged in.
If you are logging in for the first time, you have to change the password. Use the below command to change the password.
CentOS will notify you regarding the password weakness.
It wont prevent you from setting simple passwords.
Set your password stronger to secure the server.
Next time when you login to the server, you can use the newly created password.
For Windows User:
If you have local desktop running on Windows OS, then you have to download and install the PuTTY.
Open the PuTTY and enter your server IP address and port number (22)
Click on Open.
After that, you have to enter the user name.
If the username is correct, you will be prompted to SEO tools for Optimizing wordpress site.
Enter the password and login to the server.
In CentOS, changing user password is necessary.
Use the command below to change password.
If you are logging in for the first time, then follow the above instructions.
Why should you use a non root user?
Root user in the CentOS has all the privileges and it is very powerful to use.
If you make any changes by mistake, it can even destroy your server.
That is why we are always going for a non-root user with sudo privileges which is good enough to do tasks.
We are going to create a new user and provide the user with root privileges.
First create a new user from root user.
Create the password for that user.
How to give Root permission to user in CentOS
Once you created the user, you have to give root privileges.
To do that open the sudo configuration.
You can see the following lines.
# User privilege specification root ALL=(ALL) ALL
Add the following lines in the configuration file.
demo ALL=(ALL) ALL
After that Press Escape, w,q. Then press enter to save and exit the file.
How to configure SSH in CentOS 6
We are going to take one more step to make the server more secure by altering the configuration file.
Open the SSH configuration file using vi editor.
sudo vi /etc/ssh/sshd_config
Make the changes in parameter as it is given.
Port 25000 Protocol 2 PermitRootLogin no UseDNS no
Here, Let me explain about the changes.
Port: The default port number is 22 and it is known to all. People may try access your server when they know the IP.
You have to change the port number from 1025 to 65535.
So, it will become harder to guess for hackers and your server also responds for login access only at this port.
Permit Root Login: Since the default user for any system is root, the hacker will try to access the root login with random passwords.
When you prevent the remote root login, the hacker can't access it and they dont know other user name we use to access the server.
Add the following line in the at the bottom of the file.
Replace the demo with user name.
Save and exit the file.
Reload the SSH
Reload the SSH to make the changes to take effect.
service sshd reload
Now, Let us test the configuration.
ssh -p 25000 email@example.com
Here, you have to mention the port number to access the server.
The prompt will look like below.
People who are providing wrong port number will be denied for access. It makes the hacking hard for anyone.
We have seen the initial server setup for CentOS 6, now let us see the server setup for CentOS 7.
CentOS7 Initial Server Setup
Root Login is same as CentOS 6 for CentOS 7.
You need to have server IP address and root password to access the server.
For Linux Users:
If you are Linux user follow the below command to access the root server from your terminal.
local$ ssh root@SERVER_IP_ADDRESS
By Mentioning root as the user name with IP address in the command, you can access the server.
Accept the warning about the host authenticity. You will be prompted to enter the password.
If you are logging into the server for the first time, then you have to change the password.
For Windows Users:
If you are using windows to access your server, then you need to install a software called PuTTY.
Enter the default port number and IP address of the server and click on Open.
Accept the host authenticity warning to enter the server.
Enter the root password and if you are logging in the server for the first time, you have to change the password.
How to create a new user in centOS 7
You should not use root user to access the server and make changes in the server.
You have to create a new user and give it with root privileges.
Root is most privileged user so that you can do anything with the root.
The changes you have made by mistake could destruct the server.
So, it is always necessary to create a new user and grant them with root privileges.
You have to use CentOS useradd command to add a new user.
# adduser selva
Now, Assign the password to the user.
# passwd ****
If you want to list all users in CentOS, List users command will be helpful for you.
$ cut -d: -f1 /etc/passwd
It will list all the local users in CentOS.
Grant Root Privileges
Once you created a user, your have to give root privileges to the user.
In CentOS, add users to sudoers is simple.
To make normal user as super user, you have to add them in the wheel group in CentOS.
The user in this group can use the sudo command.
# gpasswd -a selva wheel
Execute the above command to grant the user with sudo privileges.
Install SSH in CentOS 7
Adding Public Key authentication is the best way to improve the server security.
To generate the public and private key pair on your machine, execute the following command on your local machine.
You will get the following output.
ssh-keygen output Generating public/private rsa key pair. Enter file in which to save the key (/Users/localuser /.ssh/id_rsa):
Press Enter to accept the path and file.
You will be asked to enter the paraphrase. You can skip it.
If you enter the paraphrase, you will also need that while entering private key to login to the server.
Adding Paraphrase the improves the security.
The public key authentication is also giving enough security to the server.
Now we have to add the public key to the server.
There are two ways to add the public key to the server.
- Using copy SSH-COPY-ID
- Add the Key to the server manually.
First let us see the Copy SSH-Copy-ID method.
1) Use SSH Copy Id
You need to have ssh-copy-id script installed on your server.
Execute the below command by replacing the user name and IP address.
local$ ssh-copy-id selva@SERVER_IP_ADDRESS
This command will install the public key on the server.
You will be prompted to enter password and the public key will be installed on the remote server at .ssh/authorized_keys.
2) Add the key to the server Manually
In your local terminal, execute the following command.
local$ cat ~/.ssh/id_rsa.pub
The above command will publish the public key
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAmPJbTWDoyL1qP13sxcezFjWhiz0NM8BdDlSREkxCjLfcYBvVrRr2bQpvbF7opmmbknfnFoAIBmoEPjQr9O9w+kCu+awgbMsOw3C7ucy8seX2m5xIwWb/LNTZIL9FhZVFv7A/+Dpub5eFBxisiZwCWyVYoZzRxbUF3lrLPFEMiYQrUJE0WKf0uN+BVoVDGAOfnQw/j2x+dWMV7BY0xMDE2U6+kO3N7akqPULuPefi1y4S2gCxyOjy7kl1SOo59oHpdlHYUAtGlOPLDYZ1w5d/8KDb3ucm+SnC+p6TTiDDmQMLDa2Teir0krabohhQx4URkiRi4T2BXI5EbN7yoLWYuw== rsa-key-20170516
Copy the Key to your clipboard.
Login to the remote server as sudo non root user.
Create .ssh directory and set the permission.
mkdir .ssh chmod 700 .ssh
Open a file called authorized_keys in the with the vi text editor.
Press i to enter the insert mode and past the public key from the clipboard.
After that hit Esc to come out from insert mode and then press x.
Save and exit file.
Change the permission for the file using the following command.
$ chmod 600 .ssh/authorized_keys
Execute the below command to exit from the non root user and return to root login.
Thats all. Now you can use Private Key to access the remote server.
Our next step is to configure the SSH Daemon.
Configuring SSH Daemon
We have already created an account to access the remote server.
Here, We are going to take one more step to secure our server.
Let us make a modification in the SSH configuration to disable the Remote SSH login for root user.
Opening the configuration file using vi editor
# vi /etc/ssh/sshd_config
Find the below lines in the configuration file.
/etc/ssh/sshd_config (before) #PermitRootLogin yes
The above line in the configuration file allows Remote Root Login.
Since we have an normal user account with user privileges, we can disable the remote root login and access the server from the normal user account.
Change the word Yes to No.
/etc/ssh/sshd_config (after) PermitRootLogin no
Now, Save and Exit the file.
To make the changes take effect, we have to restart the SSH service.
In CentOS 7, Restart SSHD is very easy.
Execute the below command to restart the SSH service.
# systemctl reload sshd
Before exiting the remote server, we have test the configuration whether they are working perfectly.
Because you should not end up in trouble if anything goes wrong.
Open a new terminal and login to the server as a non root userwe have created with sudo privileges.
local$ ssh selva@SERVER_IP_ADDRESS
Replace the username and IP address with the corresponding credentials.
If you have changed the port number of the remote server, dont forget to mention that in the command.
Once you logged into the server, try to run the commands with administrator privileges using sudo.
Any command should work in this format.
$ sudo command_to_run
If everything works well, then you can exit from server.
Here in this article you have learned the initial Server Setup for both CentOS 6 and CentOS 7. In that you have seen the
- How to create a new user in CentOS.
- How to Grant sudo Privileges to the new user.
- How to Add Public Key authentication in CentOS.
- How to Configure the SSH Daemon.
Configuring CentOS is somewhat similar to other Linux operating systems. The commands also differs a little bit.
Follow the security precautions we have mentioned in here.
Because it is always very critical to protect a server from the threat.
Some basic changes in the server configuration can give good protection.
If you still have doubts regarding the Initial Server Setup configuration for CentOS, just leave that in the command and we will help you.