Recommended VPS Complete list of best VPS hosting providers.

Basic CentOS Setup Before Building A Working Server

All essential things you have to do in the first time to build a web server on CentOS 6. You may simply straight forward to install Apache, Nginx, Lighthttpd, or any web server you want but it is strongly recommended to firstly follow some basic and common practices of initial server setup. This is aimed to tweak and apply some basic security protection on your server and make it real private. For instance, to change default root login, change default SSH port and so on.

Following all steps in this initial CentOS server setup is not a must but strongly recommended. However the decision is up to you. I assumed you have either VPS or Dedicated server already so you can follow this guide.

In this example, I use a VPS with 512Mb of RAM running CentOS 6.3 x32 located in Amsterdam hosted by DigitalOcean.

Step 1 – Login to your remote server via SSH connection. You can use either use Terminal (Mac / Linux) or Putty in Windows. You should login as root. Read my previous articles:

During your first login, Putty (or Terminal) will ask you to cache server’s host key in the registry and remember server’s ras2 key fingerprint. Don’t panic and simply hit Yes.

login putty

Step 2Change default password for root. Sometimes a VPS or server is created using random password generated by the provider’s management software. It is good practice to change it to something easier to remember by you but hard to crack or guess by others. Use this command syntax:

passwd

You’ll then be asked to enter your new password twice.

chage ssh password

Make sure you use strong words and numbers combination but also make sure you can easily remember it.

Step 3Create new user. This new user will be used for you to login to your server in the next time because you have to also disable root login (I’ll tell you in the next steps) because “root” is really a standard username hackers can easily guess. It’s just like “admin” or “administrator” in Windows. Use command below to create new username:

/usr/sbin/adduser newuser

*change “newuser” above with your own new username. In this example I use my name “sawiyati”.

Then issue this command to setup password for that user:

passwd newuser

Upon hitting Enter on your keyboard your server will ask you to type the password for that user.

change user password centos

Step 4Setup root privileges to that user so once you logged in to your server using that new user you will still be able to perform any root only tasks. To do that simply issue this command:

/usr/sbin/visudo

then look for the line / section called:

# User privilege specification
root    ALL=(ALL)       ALL

or in different CentOS release it may also like this:

## Allow root to run any commands anywhere
root    ALL=(ALL)        ALL

Then add this line right after the root line:

## Allow root to run any commands anywhere
root      ALL=(ALL)        ALL
newuser   ALL=(ALL)        ALL

it should look like this:

add user privilege

How to edit? If you don’t have Nano editor installed yet, simply hit “a” (without quotes). Once done adding new line, simply hit Esc key to exit editing mode. Now press Shift key + ZZ to save and exit vi editor.

Step 5Change SSH default port and disable root login. This is what I mean in step 3 above. In this case you’ll need to edit “sshd_config” file which is the main configuration file of SSH service in your server. You can either use vi or Nano to edit it. In this example I use Nano editor:

nano /etc/ssh/sshd_config

Then fine following lines:

#port 22

Remove the # symbol and change the “22” (it is default port) to to any number between 1025 and 65536, For example is port 22000. Example:

port 22000

change port

Next, also find:

#PermitRootLogin yes

Remove the # symbol and change yes to no

PermitRootLogin no

So it will look like this:

permitroot login

Next, find this line as well:

#UseDNS yes

Remove the # symbol and change yes to no

UseDNS no

It may look like this:

usedns

Don’t close Nano editor just yet, now proceed to the next step:

Step 6Allow new user to login via SSH to your server. Simply add this line in the very bottom of that file:

AllowUsers newuser

Of course you have to replace “newuser” with your own username created in the step 3 above. Example:

ssh add user login

Once done, hit Control+O to save then Control+X to exit Nano editor.

Step 7Reload SSH service. To make sure the new configuration is used by the service, simply reload SSH by using this command:

/etc/init.d/sshd reload

It should return with the OK message.

Step 8 – Give it a try! I assumed currently you are still logging in as root. Don’t close that SSH session yet before you test it and make sure all the settings you defined in SSH config file really works. Now launch another Terminal window or launch another Putty instance then login using new SSH port, new username, and of course new password.

After the changes, you’ll see your new username instead of root:

success

Enjoy..

99 Comments

Add a Comment

Your email address will not be published. Required fields are marked *

Get more stuff like this
in your inbox

Subscribe and get interesting stuff plus faster updates to your email.