Initial Server Setup on CentOS 6

Here are some recommendations for setting up your VPS or server when you first get it. Some of these will help make it less vulnerable. This is no guarantee that your server will not get hacked, but it makes an attack a little bit harder and gets you going on the basics.

Step One—Root Login

Once you know your IP address and root password, log in as the main user, root. For the sake of this tutorial we'll pretend that the IP is x.x.x.x; make sure to replace that with your actual IP.

It is not encouraged to use root on a regular basis, and this tutorial will help you set up an alternative user to log in with permanently.

ssh root@x.x.x.x

The terminal will show:

The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established.
ECDSA key fingerprint is 98:6b:46:1a:37:a1:11:8e:86:54:36:bb:38:3c:c0:fa.
Are you sure you want to continue connecting (yes/no)? 

Go ahead and type yes, and then enter your root password.

 

Step Two—Change Your Password

Currently your root password is the default one that was sent to you when you registered your droplet. The first thing to do is change it to one of your choice.

passwd

CentOS is very cautious about the passwords it allows. After you type your password, you may see a BAD PASSWORD notice. You can either set a more complex password or ignore the message—CentOS will not actually stop you from creating a short or simple password, although it will advise against it.

 

Step Three—Create a New User

After you have logged in and changed your password, you will not need to log in to your VPS as root again. In this step we will make a new user, with a new password, and give them all of the root capabilities.

First, create your user. Here we'll be using test as the username; you can make that whatever you want.

/usr/sbin/adduser test

Second, create a new user password:

passwd test
 

Step Four—Root Privileges

As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.

When you perform any root tasks with the new user, you will need to put “sudo” before the command. This is helpful for 2 reasons: 1) it prevents the user from making any system-destroying mistakes, and 2) it logs all the commands run with sudo to the file ‘/var/log/secure’, which can be reviewed later if needed.

Let’s go ahead and edit the sudo configuration. This can be done through the default editor, which in CentOS is called ‘vi’

/usr/sbin/visudo

Find the section called user privilege specification.

It will look like this:

# User privilege specification
root    ALL=(ALL)       ALL

Under the details of root's privileges, add the following line, granting all the permissions to your new user.

To begin typing in vi, press “a”.

test   ALL=(ALL)       ALL

Press Escape, type :wq, then press Enter to save and exit the file.

 

Step Five—Configure SSH (OPTIONAL)

Now it’s time to make the server more secure. These steps are optional. They will make the server more secure by making login more difficult.

Open the configuration file

sudo vi /etc/ssh/sshd_config

Find the following sections and change the information where applicable:

Port 45000
Protocol 2
PermitRootLogin no
UseDNS no

We’ll take these one by one.

Port: Although port 22 is the default, you can change this to any number between 1025 and 65536. In this example, I am using port 45000. Make sure you make a note of the new port number. You will need it to log in in the future, and this change will make it more difficult for unauthorized people to log in.

PermitRootLogin: change this from yes to no to stop future root login. You will now only log in as the new user.

Add this line to the bottom of the document, replacing test with your username:

AllowUsers test

Save and Exit
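
Before reloading, it is worth checking that the saved file really contains the settings above, since a wrong Port or AllowUsers entry can lock you out. The script below is an added example, not part of the original tutorial: the function names sshd_value and audit_sshd_config are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings from Step Five.
# Assumes the plain "Keyword value" line format used in the tutorial.

# Print the first uncommented value of KEYWORD (sshd uses the first value
# it reads for single-valued keywords; keyword names are case-insensitive).
# Parsing stops at the first Match block, whose settings are conditional.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one FAIL line per deviation; exit status is the number of findings.
audit_sshd_config() {  # usage: audit_sshd_config FILE LOGIN_USER
    file=$1; user=$2; findings=0
    for pair in "Protocol 2" "PermitRootLogin no" "UseDNS no"; do
        key=${pair% *}; want=${pair#* }
        got=$(sshd_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', found '${got:-unset}'"
            findings=$((findings + 1))
        fi
    done
    case $(sshd_value "$file" Port) in
        ''|22) echo "FAIL Port: still the default 22"; findings=$((findings + 1)) ;;
    esac
    # If the login user is missing from AllowUsers, the reload locks them out.
    case " $(sshd_value "$file" AllowUsers) " in
        *" $user "*) ;;
        *) echo "FAIL AllowUsers: '$user' is not listed"; findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: the tutorial's settings, but root login left enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 45000
Protocol 2
PermitRootLogin yes
#PermitRootLogin no
UseDNS no
AllowUsers test
EOF
audit_sshd_config "$sample" test || echo "findings: $?"
rm -f "$sample"
```

On the server, point it at /etc/ssh/sshd_config with your own username. Running sshd -t as root additionally checks the file for syntax errors before the reload.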

 

Step Six—Reload and Done!

Reload SSH, and it will implement the new ports and settings.

service sshd reload

To test the new settings (don’t log out of root yet), open a new terminal window and log in to your virtual server as your new user.

Don’t forget to include the new port number.

ssh -p 45000 test@x.x.x.x

Your prompt should now say:

[test@machinename ~]$