All important issues you need to do within the first time to construct an online server on CentOS 6. You might merely straight ahead to set up Apache, Nginx, Lighthttpd, or any internet server you need however it's strongly beneficial to firstly comply with some fundamental and customary practices of preliminary server setup. That is aimed to tweak and apply some primary safety safety in your server and make it actual non-public. As an illustration, to vary default root login, change default SSH port and so forth.
Following all steps on this preliminary CentOS server setup just isn't a should however strongly beneficial. Nonetheless the choice is as much as you. I assumed you will have both VPS or Devoted server already so you may observe this information.
On this instance, I exploit a VPS with 512Mb of RAM operating CentOS 6.three x32 positioned in Amsterdam hosted by DigitalOcean.
Step 1 – Login to your distant server by way of SSH connection. You should utilize both use Terminal (Mac / Linux) or Putty in Home windows. You need to login as root.
Throughout your first login, Putty (or Terminal) will ask you to cache server’s host key within the registry and keep in mind server’s ras2 key fingerprint. Don’t panic and easily hit Yes.
Step 2 – Change default password for root. Generally a VPS or server is created utilizing random password generated by the supplier’s administration software program. It's good apply to alter it to one thing simpler to recollect by you however exhausting to crack or guess by others. Use this command syntax:
Ensure you use sturdy phrases and numbers mixture but in addition ensure you can simply bear in mind it.
Step 3 – Create new user. This new user can be used so that you can login to your server within the subsequent time as a result of you must additionally disable root login (I’ll inform you within the subsequent steps) as a result of “root” is admittedly a regular username hackers can simply guess. It’s similar to “admin” or “administrator” in Home windows. Use command under to create new username:
Then issue this command to setup password for that user:
Step 4 – Setup root privileges to that user so once you logged in to your server using that new user you will still be able to perform any root only tasks. To do that simply issue this command:
then look for the line / section called:
or in different CentOS release it may also like this:
Then add this line right after the root line:
it should look like this:
Tips on how to edit? If you happen to don’t have Nano editor put in but, merely hit “a” (with out quotes). As soon as finished including new line, merely hit Esc key to exit enhancing mode. Now press Shift key + ZZ to save lots of and exit vi editor.
Step 5 – Change SSH default port and disable root login. That is what I imply in step three above. On this case you’ll must edit “sshd_config” file which is the primary configuration file of SSH service in your server. You may both use vi or Nano to edit it. On this instance I exploit Nano editor:
Then fine following lines:
Remove the # symbol and change the “22” (it is default port) to to any number between 1025 and 65536, For example is port 22000. Example:
Remove the # symbol and change yes to no
So it will look like this:
Next, find this line as well:
Remove the # symbol and change yes to no
It may look like this:
Don’t close Nano editor just yet, now proceed to the next step:
Step 6 – Allow new user to login via SSH to your server. Simply add this line in the very bottom of that file:
Of course you have to replace “newuser” with your own username created in the step 3 above. Example:
Once done, hit Control+O to save then Control+X to exit Nano editor.
Step 7 – Reload SSH service. To make sure the new configuration is used by the service, simply reload SSH by using this command:
Step 8 – Give it a attempt! I assumed presently you might be nonetheless logging in as root. Don’t shut that SSH session but earlier than you take a look at it and ensure all of the settings you outlined in SSH config file actually works. Now launch one other Terminal window or launch one other Putty occasion then login utilizing new SSH port, new username, and naturally new password.
After the changes, you’ll see your new username instead of root:
And enjoy...
Following all steps on this preliminary CentOS server setup just isn't a should however strongly beneficial. Nonetheless the choice is as much as you. I assumed you will have both VPS or Devoted server already so you may observe this information.
On this instance, I exploit a VPS with 512Mb of RAM operating CentOS 6.three x32 positioned in Amsterdam hosted by DigitalOcean.
Step 1 – Login to your distant server by way of SSH connection. You should utilize both use Terminal (Mac / Linux) or Putty in Home windows. You need to login as root.
Throughout your first login, Putty (or Terminal) will ask you to cache server’s host key within the registry and keep in mind server’s ras2 key fingerprint. Don’t panic and easily hit Yes.
Step 2 – Change default password for root. Generally a VPS or server is created utilizing random password generated by the supplier’s administration software program. It's good apply to alter it to one thing simpler to recollect by you however exhausting to crack or guess by others. Use this command syntax:
passwdYou’ll then be asked to enter your new password twice.
Ensure you use sturdy phrases and numbers mixture but in addition ensure you can simply bear in mind it.
Step 3 – Create new user. This new user can be used so that you can login to your server within the subsequent time as a result of you must additionally disable root login (I’ll inform you within the subsequent steps) as a result of “root” is admittedly a regular username hackers can simply guess. It’s similar to “admin” or “administrator” in Home windows. Use command under to create new username:
/usr/sbin/adduser newuser*change “newuser” above with your own new username. In this example I use my name “sawiyati”,
Then issue this command to setup password for that user:
passwd newuserUpon hitting Enter on your keyboard your server will ask you to type the password for that user.
Step 4 – Setup root privileges to that user so once you logged in to your server using that new user you will still be able to perform any root only tasks. To do that simply issue this command:
/usr/sbin/visudo
then look for the line / section called:
# User privilege specification
root ALL=(ALL) ALL
or in different CentOS release it may also like this:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Then add this line right after the root line:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
newuser ALL=(ALL) ALL
it should look like this:
Tips on how to edit? If you happen to don’t have Nano editor put in but, merely hit “a” (with out quotes). As soon as finished including new line, merely hit Esc key to exit enhancing mode. Now press Shift key + ZZ to save lots of and exit vi editor.
Step 5 – Change SSH default port and disable root login. That is what I imply in step three above. On this case you’ll must edit “sshd_config” file which is the primary configuration file of SSH service in your server. You may both use vi or Nano to edit it. On this instance I exploit Nano editor:
nano /etc/ssh/sshd_config
Then fine following lines:
#port 22
Remove the # symbol and change the “22” (it is default port) to to any number between 1025 and 65536, For example is port 22000. Example:
port 22000Next, also find:
#PermitRootLogin yes
Remove the # symbol and change yes to no
PermitRootLogin no
So it will look like this:
Next, find this line as well:
#UseDNS yes
Remove the # symbol and change yes to no
UseDNS no
It may look like this:
Don’t close Nano editor just yet, now proceed to the next step:
Step 6 – Allow new user to login via SSH to your server. Simply add this line in the very bottom of that file:
AllowUsers newuser
Of course you have to replace “newuser” with your own username created in the step 3 above. Example:
Once done, hit Control+O to save then Control+X to exit Nano editor.
Step 7 – Reload SSH service. To make sure the new configuration is used by the service, simply reload SSH by using this command:
/etc/init.d/sshd reloadIt should return with the OK message.
Step 8 – Give it a attempt! I assumed presently you might be nonetheless logging in as root. Don’t shut that SSH session but earlier than you take a look at it and ensure all of the settings you outlined in SSH config file actually works. Now launch one other Terminal window or launch one other Putty occasion then login utilizing new SSH port, new username, and naturally new password.
After the changes, you’ll see your new username instead of root:
And enjoy...