This is a quick tutorial for building a CentOS based VPS/Dedicated server. CentOS server doesn't include GUI in default so the only way to access server is using Secure Shell (SSH). The following steps will be completed by using SSH.
Step One: Login to your server as root.
Have your server's IP address and root password ready. Login as the main user: root. We use PuTTY in Windows environment here to demonstrate how to use SSH to connect to your CentOS server. Open Putty and fill in the IP address, make sure the "connection type" is "SSH". Leave port 22 as default and click Open.
For other platforms like Mac OS X which has a built-in SSH client call Terminal. Use the following command (replace the boldfaced numbers with your own IP address):
The Putty or Terminal will ask you to confirm the connection when you first time using SSH in your environment, Click/type yes and then enter your root password.
Step Two: Change default root password.
If you rent VPS or Dedicated server, using the default password that the server provider sent you is not a good idea. So the next thing to do is change it to one of your choice.
Execute the following command and follow the direction to change your root password
You can either set a more complex password or a short or simple password (Not recommended using a simple password for root).
You will not need to re-login again to your server as root after the password change.
Step Three: Add a new sudo user account.
Log-in into your server as root is not recommended because of root has all of the administrative capabilities. In this step we will make a new user, with a new password, and give them all of the root capabilities.
First, create your user; you can choose any name for your user.
Here is a example of creating a new user: "all4os" (replace "all4os" with your own username):
Second, change the new user's password.
Third, grant administrative privileges.
When you perform any root tasks with the new user account, you will need to use the phrase "sudo" before the command. We give users access to the sudo command with the visudo command.
Execute the following command to edit the sudo configuration. This will be done through the default editor in CentOS is called "vi".
It will looks like this:
## Allow root to run any commands anywhere root ALL=(ALL) ALL
We give a user sudo privileges by copying the line beginning with "root" and pasting it after. We then change the user "root" on the new line to our new user, like this:
## Allow root to run any commands anywhere root ALL=(ALL) ALL all4os ALL=(ALL) ALL
We can now save the file and close it. Press Esc key to stop editing, then type :wq and hit Enter to save and exit the file.
Now, when you are logged in as your regular user, you can execute a certain command with root privileges by typing:
Step four: Configure SSH and Disable root login in sshd configuration files (OPTIONAL).
If you have a concern about the server's security. Now you can make the server more secure by following this optional but recommended steps. They will make the server more secure by making unauthorized login more difficult.
First, change the default SSH port 22 to a new port number.
Port 22 is the default SSH port, you can change this to any number between 1025 and 65536 to prevent some automated "Brute-Force SSH Attack" to port 22.
Open the SSH configuration file:
sudo vi /etc/ssh/sshd_config
Find the following sections. Remove the # symbol (The # symbol tells the server to ignore anything after it on the same line, so we will need to remove that character) and change the number 22 to whatever number you want bewtwwn 1025 and 65536. Be sure you do not pick a port number that is in use by a different service (eg: 80, 443).
Second, disable SSH login for the root user.
Everyone knows that Linux systems comes with root user access and by default the root access is enabled for outside world. With a good, long, and complicated password, you can limit your exposure to a brute force attack. However, it may still be possible. Hackers can potentially get access to your system if they can figure out your root password. For security reason, root access through SSH should be disabled in order to prevent the hacker from gaining root access to your server.
Find the following sections, Remove the # symbol and change the from yes to no to stop future root login.
Third, reload the SSH.
sudo systemctl reload sshd.service
service sshd restart
And that's it. Your SSH port number will change and you can no longer directly access root via SSH.