Following every step in this initial CentOS server setup is not mandatory, but it is strongly recommended; the decision is up to you. I assume you already have either a VPS or a dedicated server so that you can follow this guide.
Step 1 – Log in to your remote server over SSH. You can use either Terminal (Mac / Linux) or PuTTY on Windows. You should log in as root. Read my previous articles:
During your first login, PuTTY (or Terminal) will ask you to cache the server’s host key in the registry and remember the server’s rsa2 key fingerprint. Don’t panic and simply hit Yes.
Step 2 – Change the default password for root. Sometimes a VPS or server is created with a random password generated by the provider’s management software. It is good practice to change it to something easier for you to remember but hard for others to crack or guess. Use this command:

    passwd

Make sure you use a strong combination of words and numbers, but also make sure you can easily remember it.
Step 3 – Create a new user. You will use this new user to log in to your server from now on, because you will also disable root login (I’ll cover that in the next steps): “root” is a standard username that hackers can easily guess. It’s just like “admin” or “administrator” in Windows. Use the command below to create the new user:

    /usr/sbin/adduser newuser

Then issue this command to set a password for that user:

    passwd newuser

Step 4 – Give that user root privileges, so that once you are logged in to your server as the new user you can still perform root-only tasks. To do that, simply issue this command:

    /usr/sbin/visudo

Find the entry for root, which looks like this:

    # User privilege specification
    root ALL=(ALL) ALL

or like this:

    ## Allow root to run any commands anywhere
    root ALL=(ALL) ALL

Add a line for the new user right below it, so it should look like this:

    ## Allow root to run any commands anywhere
    root ALL=(ALL) ALL
    newuser ALL=(ALL) ALL

How to edit? If you don’t have the Nano editor installed yet, the file opens in vi: simply hit “a” (without quotes) to start editing. Once you are done adding the new line, hit the Esc key to exit editing mode. Now hold the Shift key and press ZZ to save and exit the vi editor.
Step 5 – Change the default SSH port and disable root login. This is what I meant in step 3 above. You’ll need to edit the “sshd_config” file, which is the main configuration file of the SSH service on your server. You can use either vi or Nano to edit it. In this example I use the Nano editor:

    nano /etc/ssh/sshd_config

Find this line:

    #Port 22

Remove the # and change the port number:

    Port 22000

Next, also find:

    #PermitRootLogin yes

and change it to:

    PermitRootLogin no

Next, find this line as well:

    #UseDNS yes

and change it to:

    UseDNS no

Don’t close the Nano editor just yet; proceed to the next step:
Step 6 – Allow the new user to log in to your server via SSH. Simply add this line at the very bottom of that file:

    AllowUsers newuser

Once done, hit Control+O to save, then Control+X to exit the Nano editor.
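The edits from steps 5 and 6 can be checked mechanically before the reload in step 7. The script below is an added example, not part of the original guide; the function names and the two sample files are constructed for illustration, and it assumes the username newuser used above.

```shell
#!/bin/sh
# values FILE KEYWORD: print each uncommented value of KEYWORD, one per line.
# Keywords are matched case-insensitively; parsing stops at the first Match
# block because settings after it apply only conditionally.
values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# check_sshd_config FILE USER: return 0 only if all four settings are in place.
check_sshd_config() {
    rc=0
    # Several Port lines may coexist, so any remaining "Port 22" counts.
    ports=$(values "$1" Port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL: sshd would still listen on port 22"; rc=1
    fi
    # For these keywords sshd keeps the first value it reads.
    root=$(values "$1" PermitRootLogin | head -n 1)
    dns=$(values "$1" UseDNS | head -n 1)
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin is ${root:-not set}"; rc=1; }
    [ "$dns" = no ] || { echo "FAIL: UseDNS is ${dns:-not set}"; rc=1; }
    # Literal name match only; user@host and wildcard patterns are not expanded.
    values "$1" AllowUsers | tr ' ' '\n' | grep -qxF "$2" ||
        { echo "FAIL: $2 is not listed in AllowUsers"; rc=1; }
    return $rc
}

# Constructed samples: a file edited as in steps 5-6, and one where the Port
# and PermitRootLogin lines were changed but the leading '#' was left in place.
write_good() {
    printf '%s\n' 'Port 22000' 'PermitRootLogin no' 'UseDNS no' \
        'AllowUsers newuser' > "$1"
}
write_bad() {
    printf '%s\n' '#Port 22000' '#PermitRootLogin no' 'UseDNS no' \
        'AllowUsers newuser' > "$1"
}

tmp=$(mktemp -d)
write_good "$tmp/good"; write_bad "$tmp/bad"
check_sshd_config "$tmp/good" newuser && echo "good sample: OK"
check_sshd_config "$tmp/bad" newuser || echo "bad sample: rejected"
rm -rf "$tmp"
```

On the server itself, run `check_sshd_config /etc/ssh/sshd_config newuser`; `sshd -t` separately reports syntax errors in the file.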
Step 7 – Reload the SSH service. To make sure the service uses the new configuration, simply reload SSH with this command:

    /etc/init.d/sshd reload

Step 8 – Give it a try! I assume you are currently still logged in as root. Don’t close that SSH session until you have tested the new settings and made sure everything you defined in the SSH config file really works. Now launch another Terminal window or another PuTTY instance, then log in using the new SSH port, the new username, and of course the new password.
After the changes, you’ll see your new username instead of root.