NixPal.com - Setup CentOS server

Introduction: How to Setup CentOS server

When you first set up a CentOS server, there are a few configuration steps that you should take early on as part of the basic setup.

This will improve the security and usability of your server and give you a solid foundation for later work. In this tutorial we’ll show you how to set up a CentOS server.

This guide also works with all RHEL-based (Red Hat Enterprise Linux) systems, like CentOS, CloudLinux and Oracle.

How to Setup CentOS server (CentOS 7)

Step 1.) Root Login

To log into your server, you will need to know your server’s IP address and either the private key for the “root” user’s account or your root password.

If you are not already connected to your server, log in as the root user with the following command:

ssh root@SERVER_IP_ADDRESS

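If you don’t have terminal access or you use Windows, you can use PuTTY, which is a Windows SSH client.

Complete the login authentication, accepting the warning about host authenticity if it appears. The warning is expected the first time you connect, because your client has not yet stored the server’s host key. Then provide your root credentials (your password or key).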

About Root User

The root user is like the Windows administrator user. In the Linux environment it has no restraints and it has full privileges. Because of the full, unrestricted privileges of the root account, you are discouraged from using it on a daily basis. That’s because the root user may harm your system, even by mistake.

The next step is to set up a normal user account with reduced privileges for daily work. We will show you how to gain temporary root privileges when you need them.

Step 2.) Create a normal User

Once you are logged-in to your server, we are ready to add the new user that we’ll use to log-in from now on.

In this example we will create a new user called “nixpal”:

adduser nixpal

Next, assign a password to the new user:

passwd nixpal

Enter a very strong password, and repeat it to verify it.


Step 3.) Root Privileges

Now we have a user account with normal user account privileges. But sometimes we may need to do administrative tasks that only a root user can do.

To avoid switching from normal user to root, we can set-up what is known as ‘superuser’ or root privileges for our “nixpal” account.

This will allow a normal user to run commands with administrative privileges by placing the word sudo before every command.

To add these privileges to the new user, we must add the new user to the ‘wheel’ group. For example, on CentOS 7, users that are part of the “wheel” group are permitted to use the sudo command.

As root, run this command to add the new user “nixpal” to the wheel group:

gpasswd -a nixpal wheel

Your user can now run commands with super user privileges.

Step 4.) Add Public Key Authentication (recommended for security)

The next step is to “harden” your server. We will set up public key authentication for your new user “nixpal”.

Installing this key will increase the security of your server by requiring a private SSH key to log in, instead of a password.

Generate a SSH Key Pair

If you don’t already have an SSH key, which consists of a public & a private key, you may need to generate one.

To generate a new set of keys, enter the following command at the terminal of your local machine:

ssh-keygen

If your local user is called “nixpal” like in the above example, you’ll see an output that looks like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/nixpal/.ssh/id_rsa):

Hit Enter to accept the file name and path (or input a new name).

Next, you’ll be asked for a pass-phrase to secure the key. You may either enter a pass-phrase or leave it blank.

Caution: If you leave the pass-phrase blank, you’ll be able to use the private key for authentication without entering a pass-phrase. If you input a pass-phrase, you’ll need both the private key and the pass-phrase to log in. Securing your keys with pass-phrases is essential, but both methods have their uses and are more secure than basic password authentication.

This command generates a private key, id_rsa, and a public key, id_rsa.pub, in the .ssh directory of nixpal’s home directory.

Remember that the private key shouldn’t be shared with anyone who shouldn’t have root access to your servers!

Copy the generated Public Key

After generating the SSH key pair, you have to put your public key on your server.

Assuming you generated the SSH key pair using the step above, use this command at the terminal of your local machine to print your public key (id_rsa.pub):

cat ~/.ssh/id_rsa.pub

This will print your public SSH key, which looks like this:

ssh-rsa c2EAAAADAQABAAABAQDBGTO0tsVejssuaYR5R3Y/i73SppJAhme1dH7W2c47d4gOqB4izP0+fRLfvbz/tnXFz4iOP/+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf nixpal@localhost

Select the generated public key and copy it to your clipboard.


Add the Public Key to the New Remote User

To enable the use of the SSH key to authenticate as the new remote user, you should add the public key to a special file in nixpal’s home directory.

On the server, as root user, enter this command to switch to the new user:

su - nixpal

Now you’ll be in the home directory of your new user “nixpal”.

Create a new directory named .ssh and restrict the permissions with the following commands:

mkdir .ssh
chmod 700 .ssh

Next, open a file in .ssh named authorized_keys with a text editor (nano, vi, emacs, or notepad++ for Windows). We’ll use nano to edit the file:

nano .ssh/authorized_keys

Enter your public key (which should be in your clipboard) by pasting it into the editor. Now hit Ctrl+O to write the file.

Press Ctrl+X to exit the file.

Next, restrict the permissions of the authorized_keys file with the following command:

chmod 600 .ssh/authorized_keys

Type this command to return to the root user:

exit

Now you can SSH login as the new “nixpal” user, using the private key as authentication credentials and NOT your password.
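A quick check of the result of Step 4, given here as an added example that is not part of the original tutorial: the function confirms the 700 and 600 modes set above and that every entry in authorized_keys is one complete line, which catches a key that was wrapped or cut short when pasted into the editor. The function name check_key_setup and the sample key data are constructed for illustration, and stat -c is the GNU form found on CentOS.

```shell
#!/usr/bin/env bash
# Added example: verify the .ssh directory and authorized_keys from Step 4.

# check_key_setup HOME_DIR -> 0 if the modes match Step 4 and every entry
# looks like a complete public key, 1 otherwise (problems are printed).
check_key_setup() {
    local dir="$1/.ssh" file="$1/.ssh/authorized_keys" rc=0 mode
    [ -d "$dir" ]  || { echo "missing $dir"; return 1; }
    [ -f "$file" ] || { echo "missing $file"; return 1; }
    mode=$(stat -c %a "$dir")
    [ "$mode" = 700 ] || { echo "$dir is $mode, expected 700"; rc=1; }
    mode=$(stat -c %a "$file")
    [ "$mode" = 600 ] || { echo "$file is $mode, expected 600"; rc=1; }
    # Each entry must be ONE line: [options] key-type base64-blob [comment].
    # The second half of a wrapped key has no key type, so it is reported.
    awk '
        /^[ \t]*(#|$)/ { next }
        /PRIVATE KEY/  { print "line " NR ": private key material"; bad = 1; next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^[A-Za-z0-9+/]+=*$") ok = 1
            if (!ok) { print "line " NR ": not a complete public key"; bad = 1 }
        }
        END { exit bad }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample: a key split across two lines on paste, and a file
# left at mode 644 instead of 600.
home=$(mktemp -d)
mkdir "$home/.ssh" && chmod 700 "$home/.ssh"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDB\nGTO0tsVejssuaYR5 nixpal@localhost\n' \
    > "$home/.ssh/authorized_keys"
chmod 644 "$home/.ssh/authorized_keys"
check_key_setup "$home" || echo "key setup needs fixing"
rm -rf "$home"
```

On the server, run it as check_key_setup /home/nixpal before relying on key authentication.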

 


Step 5.) Configuring SSH

Now that we have our new account, we should secure our server by modifying the SSH configuration.

Start by opening the config file with your favourite text editor as root (we’ll use vi for this):

vi /etc/ssh/sshd_config

Change SSH Port (for extra security)

The first option that you should change is the port that SSH runs on, to keep port scanners and bots from brute-forcing your server.

Search for the line that contains the following:

#Port 22

Tip: To search for this line, type /Port 22 and press ENTER. This would place the cursor to the “P” character on that line.

If we change this number to something between 1025 and 65536, the SSH process on the server will listen for connections on a different port.

This is very helpful because unauthorized users may try to break into the server by attacking SSH.

If you change this value, you should remember that your server is running on this new port.

For this tutorial, we’ll change the port to 5555 as a demonstration. This means that when we are connected, we’ll have to tell the SSH client to use the new port. We’ll get to that later.

Now, modify the value to your selection.

Uncomment the line by deleting the “#” symbol (press Shift+X).

Place the cursor in front of the port number by pressing c.

Replace “22” by pressing cw, then type your desired port number. Hit ESC when you are done.

It should look like this:

Port 5555

Restrict Root Login

We can disable root login through SSH if we like, for more security.

This is a very secure setting since we can access our server through the normal user account and escalate privileges when needed.

To completely disable remote root logins, we should find the following line:

#PermitRootLogin yes

Tip: In order to search for this line, type /PermitRoot then press ENTER.

This would bring the cursor to the “P” character on that line.

Uncomment the line by removing the “#” character in front of the line (press Shift-X).

Now place the cursor on “yes” by pressing c.

Next, replace yes by pressing cw, and type no. Hit ESC when you’re done editing the sshd_config. It should look like this:

PermitRootLogin no

It is highly recommended to disable the remote root login!

Press :x to save & exit the file.
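Before reloading sshd it helps to confirm what the edited file actually says. This added example (not part of the original tutorial) reports the Port and PermitRootLogin values in effect, following sshd’s rule that the first value of a keyword wins, with Port as the exception because every Port line adds a listener. The function names and the sample file are constructed, and the defaults are the commented values shown above.

```shell
#!/usr/bin/env bash
# Added example: show which Port and PermitRootLogin values sshd will read.

# effective_value FILE KEYWORD DEFAULT
# Prints the uncommented value(s) of KEYWORD found before any Match block:
# the first one only, except Port, where every line adds a listening port.
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }            # strip leading whitespace
        /^#/ || /^$/ { next }             # "#Port 5555" changes nothing
        tolower($1) == "match" { exit }   # conditional overrides start here
        tolower($1) == want { print $2; found = 1; if (want != "port") exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> 0 if root login is off and every port is valid.
# Defaults (22, yes) are the commented values shown in the tutorial's file.
audit_sshd_config() {
    local ports root p rc=0
    ports=$(effective_value "$1" Port 22)
    root=$(effective_value "$1" PermitRootLogin yes)
    echo "Port=$(echo $ports) PermitRootLogin=$root"
    [ "$root" = no ] || { echo "WARN: root login over SSH is still allowed"; rc=1; }
    for p in $ports; do
        case $p in
            *[!0-9]*) echo "WARN: Port $p is not a number"; rc=1 ;;
            22) ;;
            *)  if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                    echo "WARN: Port $p is outside 1-65535"; rc=1
                else  # CentOS 7: SELinux and firewalld must allow the port too
                    echo "NOTE: semanage port -a -t ssh_port_t -p tcp $p"
                    echo "NOTE: firewall-cmd --permanent --add-port=$p/tcp && firewall-cmd --reload"
                fi ;;
        esac
    done
    return $rc
}

# Constructed sample: the "#" was left on the Port line, and a second
# PermitRootLogin line appears further down the file.
sample=$(mktemp)
printf '#Port 5555\nPermitRootLogin no\nPermitRootLogin yes\n' > "$sample"
audit_sshd_config "$sample"    # Port=22 PermitRootLogin=no
rm -f "$sample"
```

On the server, run audit_sshd_config /etc/ssh/sshd_config as root; sshd -t checks the same file for syntax errors, and sshd -T prints the full configuration sshd would use.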


Step 6.) Reload SSH

Now that we’ve made all the necessary changes, we must reload the SSH service so that it uses the new configuration.

Type this command to reload SSH:

systemctl reload sshd.service

Before we log-out, we must test the new configuration.

We don’t want to disconnect until we confirm that new connections can be established successfully.

Open a new terminal window.

In the window, we must begin a new connection to the server.

Instead of using the root user account, we should use the new account we have created.

If you have changed the port number of SSH, you must inform your client about the new port.

You can achieve this by using the -p 5555 option (the port you configured).

For the new server we have configured, you should connect with the below command. Replace as needed with your own information:

ssh -p 5555 nixpal@SERVER_IP_ADDRESS

Tip: If you use PuTTY to connect to your server, make sure you have updated the session port number to your server’s exact configuration.

You’ll be asked for the new user password that you have configured.

After that, you’ll login as the new user.

If you need to run a command with root privileges, type “sudo” before the command, as shown below:

sudo command_to_run

If everything is OK, you can exit by typing:

exit
