Introduction: How to Setup CentOS server
When you first set up a CentOS server, there are a few configuration steps that you should take early on as part of the basic setup.
This will increase the security and usability of your server and give you a solid foundation for subsequent actions. In this tutorial we’ll show you how to set up a CentOS server.
This guide also works with all RHEL-based (Red Hat Enterprise Linux) systems, like CentOS, CloudLinux, Oracle.
How to Setup CentOS server (CentOS 7)
Step 1.) Root Login
To log into your server, you will need to know your server’s IP address and the private key for the “root” user’s account or your root password.
If you are not already connected to your server, go ahead and log in as the root user using the following command:
In case you don’t have terminal access or use Windows, you can use PuTTY, which is a Windows SSH client.
Complete the login authentication, ignoring any warning about host authenticity. Then provide your root credentials (your password or key).
About Root User
The root user is like the Windows administrator user. In the Linux environment it has no restraints and it has full privileges. Because of the full, unrestricted privileges of the root account, you are discouraged from using it on a daily basis. That’s because the root user may harm your system, even by mistake.
Next step is to setup a normal user account with reduced privileges for daily work. We will show you how to gain temporary root privileges when you need them.
Step 2.) Create a normal User
Once you are logged in to your server, we are ready to add the new user that we’ll use to log in from now on.
In this example we will create a new user called “nixpal”:
Next, assign a password to the new user:
Enter a very strong password, and repeat again to verify it.
NixPal.com – How to Setup CentOS server
Step 3.) Root Privileges
Now we have a user account with normal user account privileges. But sometimes we may need to do administrative tasks that only a root user can do.
To avoid switching from normal user to root, we can set up what is known as ‘superuser’ or root privileges for our “nixpal” account.
This will allow a normal user to run commands with administrative privileges by placing the word sudo before every command.
To add these privileges to the new user, we must add the new user to the ‘wheel’ group. On CentOS 7, users that are part of the “wheel” group are permitted to use the sudo command.
As root, run this command to add the new user “nixpal” to the wheel group:
gpasswd -a nixpal wheel
Your user can now run commands with super user privileges.
Step 4.) Add Public Key Authentication (best recommended for security)
The next step is to “harden” your server. We will set up public key authentication for your new user “nixpal”.
Installing this key will increase the security of your server by requiring a private SSH key to log in, instead of a password.
Generate an SSH Key Pair
If you don’t already have an SSH key, which consists of a public & a private key, you may need to generate one.
To generate a new set of keys, enter the following command at the terminal of your local machine:
If your local user is called “nixpal” like in the above example, you’ll see an output that looks like this:
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/nixpal/.ssh/id_rsa):
Hit Enter to accept the file name and path (or input a new name).
Next, you’ll be asked for a pass-phrase to secure the key. You may either enter a pass-phrase or leave it blank.
Caution: If you leave the pass-phrase blank, you’ll be able to use the private key for authentication without entering a pass-phrase. If you input a pass-phrase, you’ll need both the private key and the pass-phrase to log in. Securing your keys with pass-phrases is essential, but both methods have their uses and are more secure than basic password authentication.
This command generates a private key, id_rsa, and a public key, id_rsa.pub, in the .ssh directory of nixpal’s home directory.
Remember that the private key shouldn’t be shared with anyone who shouldn’t have root access to your servers!
Copy the generated Public Key
After generating the SSH key pair, you have to copy your public key to your server.
Assuming you generated the SSH key pair using the above step, use this command at the terminal of your machine to print your public key:
This will print your public SSH key, which looks like this:
ssh-rsa c2EAAAADAQABAAABAQDBGTO0tsVejssuaYR5R3Y/i73SppJAhme1dH7W2c47d4gOqB4izP0+fRLfvbz/tnXFz4iOP/+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf nixpal@localhost
Select the generated public key and copy it to your clipboard.
Add the Public Key to the New Remote User
To enable the use of the SSH key to authenticate as the new remote user, you should add the public key to a special file in nixpal’s home directory.
On the server, as the root user, enter this command to switch to the new user:
su - nixpal
Now you’ll be in your new user “nixpal” home directory.
Create a new directory named .ssh and restrict the permissions with the following commands:
mkdir .ssh
chmod 700 .ssh
Next, open a file in .ssh named authorized_keys with a text editor (nano, vi, emacs, or notepad++ for Windows). We’ll use nano to edit the file:
Enter your public key (which must be copied in your clipboard) by pasting it into the editor. Now hit Ctrl+O to write the file, then Ctrl+X to exit the file.
Next, restrict the permissions of the authorized_keys file with the following command:
chmod 600 .ssh/authorized_keys
Type this command to return to the
Now you can SSH login as the new “nixpal” user, using the private key as authentication credentials and NOT your password.
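The directory, file and permission steps above as one repeatable function, meant to be run as the nixpal user on the server. This is an added example, not part of the original tutorial; install_pubkey and ssh_modes are hypothetical helper names and the key in the demo is constructed.

```shell
#!/bin/sh
# Added example; install_pubkey and ssh_modes are hypothetical helper names.

# Append one public key line to HOME_DIR/.ssh/authorized_keys, creating the
# directory (700) and file (600) as in the steps above. Safe to re-run.
install_pubkey() {
    home_dir=$1 pubkey=$2
    ssh_dir="$home_dir/.ssh" auth_file="$home_dir/.ssh/authorized_keys"

    # Exactly one line of the form "<type> <base64> [comment]". This also
    # rejects a private key pasted by mistake.
    lines=$(printf '%s\n' "$pubkey" | wc -l)
    [ "$((lines))" -eq 1 ] || { echo "expected one line" >&2; return 1; }
    printf '%s\n' "$pubkey" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' ||
        { echo "not an OpenSSH public key line" >&2; return 1; }

    # umask in a subshell so new files are never briefly world-readable.
    (umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file") || return 1
    # Tighten modes even if the paths already existed with looser ones;
    # sshd's StrictModes (on by default) checks them before accepting a key.
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1
    # Skip the append when the identical line is already present.
    grep -qxF -- "$pubkey" "$auth_file" || printf '%s\n' "$pubkey" >> "$auth_file"
}

# Print "<dir mode> <file mode>", expected "700 600" (GNU stat, as on CentOS).
ssh_modes() {
    echo "$(stat -c %a "$1/.ssh") $(stat -c %a "$1/.ssh/authorized_keys")"
}

# Constructed demo in a scratch directory; the key body is made up.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleOnly nixpal@localhost'
ssh_modes "$demo_home"
rm -rf "$demo_home"
```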
Step 5.) Configuring SSH
Now that we have our new account, we should secure our server by modifying the SSH configuration.
Start by opening the config file with your favourite text editor as root (we’ll use vi for this):
Change SSH Port (for extra security)
The first option that you should change is the port that SSH runs on, to keep port scanners and bots from brute-forcing your server.
Search for the line that contains the following:
Tip: To search for this line, type /Port 22 and press ENTER. This would place the cursor on the “P” character on that line.
If we change this number to something between 1025 and 65536, the SSH process on the server will listen for connections on a different port.
This is very helpful because unauthorized users may try to break into the server by attacking SSH.
If you change this value, you should remember that your server is running on this new port.
For this tutorial, we’ll change the port to 5555 as a demonstration. This means that when we connect, we’ll have to tell the SSH client to use the new port. We’ll get to that later.
Now, modify the value to your selection.
Remove the commented line by deleting the “#” symbol (press
Place the cursor in front of the port number by pressing
Replace “22” by pressing cw, then type your desired port number. Hit ESC when you are done.
It should look like this:
Restrict Root Login
We can disable root login through SSH if we like, for more security.
This is a very secure setting since we can access our server through the normal user account and escalate privileges when needed.
To completely disable remote root logins, we should find the following line:
Tip: In order to search for this line, type /PermitRoot then press
This would bring the cursor to the “P” character on that line.
Uncomment the line by removing the “#” character in front of the line (press
Now place the cursor to “yes” by pressing
Next, replace yes by pressing cw, and type no. Hit ESC when you’re done editing the sshd_config. It must look like this:
It is highly recommended to disable the remote root login!
Enter :x to save & exit the file.
Step 6.) Reload SSH
Now that we’ve made all the necessary changes, we must restart the SSH service to use the new configuration.
Type this command to restart SSH:
systemctl reload sshd.service
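The two sshd_config changes from Step 5 as a script that can be run against a copy of the file and checked before the reload. This is an added example, not part of the original tutorial: the function names are hypothetical, the sample config is constructed, and instead of uncommenting lines by hand it removes active lines for each key and writes the setting once at the top. On a CentOS 7 host with SELinux enforcing and firewalld running, the new port also has to be allowed in both, as the trailing comments show.

```shell
#!/bin/sh
# Added example; the function names are hypothetical helpers.
# Work on a copy of /etc/ssh/sshd_config, check it, then install it.

# Print the first active value of KEY (sshd keeps the first one it reads).
effective_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Drop every active "KEY ..." line and put "KEY VALUE" on the first line,
# so the setting is defined once and sits outside any Match block.
# Commented defaults such as "#Port 22" are left in place.
set_sshd_option() {
    file=$1 key=$2 value=$3
    { printf '%s %s\n' "$key" "$value"
      grep -Eiv "^[[:space:]]*$key[[:space:]]" "$file" || [ $? -eq 1 ]
    } > "$file.new" && cat "$file.new" > "$file" && rm -f "$file.new"
}

harden_sshd_config() {
    file=$1 port=$2
    # Digits only, above the privileged range, and no higher than 65535
    # (the largest TCP port number).
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1025 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range: $port" >&2; return 1; }
    set_sshd_option "$file" Port "$port" &&
        set_sshd_option "$file" PermitRootLogin no
}

# Constructed sample standing in for a copy of the server's file.
sample=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'PermitRootLogin yes' > "$sample"
harden_sshd_config "$sample" 5555 && cat "$sample"
rm -f "$sample"

# On the server, as root, before reloading sshd (COPY is the edited copy):
#   sshd -t -f COPY                               # syntax check
#   semanage port -a -t ssh_port_t -p tcp 5555    # if SELinux is enforcing
#   firewall-cmd --permanent --add-port=5555/tcp  # if firewalld is running
#   firewall-cmd --reload
```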
Before we log-out, we must test the new configuration.
We don’t want to disconnect until we confirm that new connections can be established successfully.
Open a new terminal window.
In the window, we must begin a new connection to the server.
Instead of using the root user account, we should use the new account we have created.
If you have changed the port number of SSH, you must inform your client about the new port.
You can achieve this by using the -p 5555 option (the port you configured).
For the new server we have configured, you should connect with the below command. Replace as needed with your own information:
ssh -p 5555 nixpal@SERVER_IP_ADDRESS
Tip: If you use PuTTY to connect to your server, make sure you have updated the session port number to your server’s exact configuration.
You’ll be asked for the new user password that you have configured.
After that, you’ll login as the new user.
If you need to run a command with root privileges, type “sudo” before the command, as shown below:
If everything is OK, you can exit by typing: