Initial Server Setup With CentOS 6 _ DigitalOcean

Published on January 2017



4/17/2014 Initial Server Setup with CentOS 6 | DigitalOcean 1/9
Initial Server Setup with CentOS 6
Tagged In: Linux Basics, Cent Os
The Basics
When you first begin to access your fresh new virtual private server, there are a few early steps you should take to make it more secure. Some of
the first tasks can include setting up a new user, providing them with the proper privileges, and configuring SSH.
Step One—Root Login
Once you know your IP address and root password, log in as the main user, root.
Using root on a regular basis is discouraged, and this tutorial will help you set up an alternative user to log in with permanently.
ssh root@<your_server_ip>
The terminal will show:
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?
Go ahead and type yes, and then enter your root password.
Step Two—Change Your Password
Currently your root password is the default one that was sent to you when you registered your droplet. The first thing to do is change it to one of
your choice.
CentOS is very cautious about the passwords it allows. After you type your password, you may see a BAD PASSWORD notice. You can either
set a more complex password or ignore the message—CentOS will not actually stop you from creating a short or simple password, although it will
advise against it.
Step Three— Create a New User
After you have logged in and changed your password, you will not need to log in again to your VPS as root. In this step we will make a new user,
with a new password, and give them all of the root capabilities.
First, create your user; you can choose any name for your user. Here I’ve suggested Demo:
/usr/sbin/adduser demo
Second, create a new user password:
passwd demo
Step Four— Root Privileges
As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.
When you perform any root tasks with the new user, you will need to use the phrase “sudo” before the command. This is a helpful command for 2
reasons: 1) it prevents the user from making any system-destroying mistakes, and 2) it stores all the commands run with sudo to the file ‘/var/log/secure’,
which can be reviewed later if needed.
Let’s go ahead and edit the sudo configuration. This can be done through the default editor, which in CentOS is called ‘vi’.
Find the section called user privilege specification.
It will look like this:
# User privilege specification
root ALL=(ALL) ALL
Under the details of root's privileges, add the following line, granting all the permissions to your new user.
To begin typing in vi, press “a”.
demo ALL=(ALL) ALL
Press Escape, :, w, q, then Enter to save and exit the file.
Step Five— Configure SSH (OPTIONAL)
Now it’s time to make the server more secure. These steps are optional. They will make the server more secure by making login more
Open the configuration file
sudo vi /etc/ssh/sshd_config
Find the following sections and change the information where applicable:
Port 25000
Protocol 2
PermitRootLogin no
UseDNS no
We’ll take these one by one.
Port: Although port 22 is the default, you can change this to any number between 1025 and 65536. In this example, I am using port 25000. Make
sure you make a note of the new port number. You will need it to log in in the future, and this change will make it more difficult for unauthorized
people to log in.
PermitRootLogin: change this from yes to no to stop future root logins. You will now only log in as the new user.
Add this line to the bottom of the document, replacing demo with your username:
AllowUsers demo
Save and Exit
Step Six— Reload and Done!
Reload SSH, and it will implement the new ports and settings.
/etc/init.d/sshd reload
To test the new settings (don’t log out of root yet), open a new terminal window and log in to your virtual server as your new user.
Don’t forget to include the new port number.
ssh -p 25000 demo@<your_server_ip>
May 22, 2012
Your prompt should now say:
[demo@yourname ~]$
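A directive in sshd_config that is still behind a leading # has no effect, so it is worth confirming which values sshd will actually read before relying on the reload in Step Six. The script below is an added example, not part of the original tutorial; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial: show the value sshd will actually use.
# Lines starting with '#' are ignored, keywords are case-insensitive, and for
# most keywords the first uncommented value wins (only the first Port is shown).
sshd_effective() {  # usage: sshd_effective <config-file> <Keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }      # blank line or comment
        tolower($1) == "match" { exit }    # Match blocks apply conditionally
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print "(default)" }' "$1"
}

# Compare the file with the values chosen in Step Five; the return status is
# the number of settings that differ.
check_hardening() {  # usage: check_hardening <config-file>
    bad=0
    for pair in Port:25000 Protocol:2 PermitRootLogin:no UseDNS:no AllowUsers:demo; do
        key=${pair%%:*}; want=${pair#*:}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key is '$got', expected '$want'"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: Port and UseDNS were edited but left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 25000
Protocol 2
PermitRootLogin no
#UseDNS no
AllowUsers demo
EOF
check_hardening "$sample" || echo "$? setting(s) not in effect"
```

On a real server, pass /etc/ssh/sshd_config instead of the sample file.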
See More
As you start securing your droplet with SSH, you can continue to improve its security by installing programs, such as Fail2Ban or DenyHosts, to
protect against brute force attacks on the server.
You can also find the tutorial to install the LAMP stack on the server here or the LEMP stack on the server here.
By Etel Sverdlov
rsongo over 1 year
If you set PermitRootLogin no, how are you gonna do # chkconfig vsftpd on ?
Moisey over 1 year
Setting SSH to not PermitRootLogin's just refers to logging in via password & ssh. Instead you will need to use SSH-keys which are much
more secure than just a root password. It will not affect anything else.
rsongo over 1 year
coreydbarrett about 1 year
I cannot sign in under my account I keep getting a connection refused what should I do?
Moisey about 1 year
Open up a support ticket and we'll troubleshoot it with you directly, probably just a typo or something small missing.
Edwin Ang about 1 year
I can't edit visudo. It seems to be encrypted. Any suggestion?
Edwin Ang about 1 year
Forget my previous post. I should execute visudo directly :)
Peter about 1 year
In CentOS 6.3 it is: root ALL=(ALL) ALL and not: root ALL=(ALL:ALL) ALL
desiredpersona about 1 year
Here is how to edit the sudo configuration. This should be added to the tutorial for new users like me. It took me awhile to figure this out!!!
Please see "Using the vi text editor" heading here:
desiredpersona about 1 year
Make sure to uncomment the new Port otherwise you will not be able to login as your new user.
linuxtechjason 9 months
You forget to mention that when you change options in the ssh config file that you also need to remove the comment mark (#) at the
beginning or it won't change anything. Also, maybe it's just me but the Esc -> Shift ZZ didn't work for me. But having used vi before I just
used ESC -> :wq! instead. Thanks for this tutorial. Removing the ability to login as root to ssh is a good thing. :-)
davidshockey 8 months
Good advice and good instructions. You may want to mention that if you have configured iptables you will have to allow ssh on the new
port. When you are sure that it is working, you will want to disable port 22.
mollamirzaee 6 months
Configure iptables for new port (CentOS 6.4): Edit /etc/sysconfig/iptables and add the following before COMMIT.
-A INPUT -m state --state NEW -m tcp -p tcp --dport -j ACCEPT
| OR |
system-config-firewall-tui Customize SSH Forward Add: Port : Protocol : tcp
eric 6 months
user was added and ssh port was changed, still able to login via root?
eric 6 months
never mind, all is well
Pablo of 6 months
In trying to learn how to navigate CentOS, I spun up my first CentOS droplet (v6.4). RE: Step Four I, for the life of me, can not find the
line that reads:
# User privilege specification
Has it been replaced with...?
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Pablo of 6 months
Like @linuxtechjason, Esc + Shift + ZZ did not work for me, either; but Esc + : + w + q + Enter did. As an aside, how 'bout showing
the CentOS LEMP stack article some love by tossing a link to it near the LAMP stack link?
Kamal Nasser 5 months
@Pablo: Shift ZZ works fine on vim for me, I'll edit it and replace it with Esc :wq as it is always guaranteed to work. Added a link, thanks :]
melanie 4 months
I get to step Step Five— Configure SSH (OPTIONAL) and I don't see anything that looks like Port 25000 Protocol 2 PermitRootLogin no
UseDNS no what there is however is Port 22 AddressFamily any ListenAddress ListenAddress :: this is exactly what is there:
[root@mydomain ~]# sudo vi /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
#Port 22
#AddressFamily any
#ListenAddress
#ListenAddress ::
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
so this is on a droplet with CentOS 6.4 x64 Does this tutorial need to be updated? please
advise here on how to configure SSH because it's not happening as per your tutorial
Kamal Nasser 4 months
@melanie: I believe appending the non-existent directives to the config file should work.
carlos 4 months
For some reason it does not work (after editing the config file, reloading, etc.) when I use any other port than 22. I have tried connecting
using the ssh client included on Mac OS X (Maverick) as well as ssh clients on the iPad and iPhone. All other instructions work well, but
the configuration of port to anything but 22 seems to be ignored by Centos. Weird, it makes sense otherwise. The ssh connection just times
out. And I haven't changed anything on Centos, this is a vanilla image, with just a couple of utilities gummed in.
Kamal Nasser 4 months
@carlos: Do you have any firewall rules in place? What's the output of
sudo iptables -L -n -v
carlos 4 months
Hi, Kamal
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3385 2130K ACCEPT all -- * * state RELATED,ESTABLISHED
1 84 ACCEPT icmp -- * *
0 0 ACCEPT all -- lo *
7 520 ACCEPT tcp -- * * state NEW tcp dpt:22
12 580 REJECT all -- * * reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 1742 packets, 197K bytes)
pkts bytes target prot opt in out source destination
BTW: When I use the port directive in sshd_config, the directive DOES HAVE SOME EFFECT, because normal ssh through port 22
starts to timeout immediately after I reload sshd. But *connecting* through the new port doesn't work
Kamal Nasser 4 months
@carlos: You have your firewall set up to allow access to port 22 and drop all other packets. You have to allow access to the new port:
sudo iptables -D INPUT 5
sudo iptables -D INPUT 4
sudo iptables -P INPUT DROP
sudo iptables -I INPUT -p tcp --dport [new SSH port] -j ACCEPT
Save the new rules:
iptables-save | sudo tee /etc/sysconfig/iptables
sudo service iptables restart
Kamal Nasser 4 months
Make sure you do this through the Remote Console available from our control panel as you will temporarily not have access to the droplet
via SSH. Once you've updated the rules, go ahead and change the SSH port to whatever you want it to be.
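The timeout discussed in the comments above can be checked before moving sshd to a new port by reading the saved rules and seeing which rule a new connection would hit first. The script below is an added example and not part of the original thread; the function name is hypothetical, the rules file is constructed to mirror the listing posted above, and the matcher only understands -i, -p, --dport (single port) and --state.

```shell
#!/bin/sh
# Added example, not from the thread: first-match verdict for a NEW inbound
# TCP connection to <port>, read from an iptables-save style rules file.
# Assumption: only the filter table is present and rules use only -i, -p,
# --dport (single port) and --state; anything else is treated as matching.
port_verdict() {  # usage: port_verdict <rules-file> <port>
    awk -v port="$2" '
        $1 == ":INPUT" { policy = $2 }               # chain default policy
        $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = dport = state = iface = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--state") state = $(i + 1)
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (iface == "lo") next                   # loopback only
            if (proto != "" && proto != "tcp") next   # icmp, udp, ...
            if (dport != "" && dport != port) next    # rule for another port
            if (state != "" && index("," state ",", ",NEW,") == 0) next
            print target; decided = 1; exit
        }
        END { if (!decided) print policy }' "$1"
}

# Constructed rules file mirroring the ruleset shown in the listing above.
rules=$(mktemp)
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
for p in 22 25000; do echo "tcp/$p: $(port_verdict "$rules" "$p")"; done
```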
techspecx 2 months
I have SSH keys installed and I can login fine with a SSH key but after I change the lines in the sshd_config it asks me for a password and I
do not use passwords. Could you help?
techspecx 2 months
This is the message I receive: Using username "root". Server refused our key. Before I configured the sshd_config I was able to use my key.
techspecx 2 months
I have not disabled root login
Kamal Nasser 2 months
@techspecx: What exactly have you changed in sshd_config?
Ricardo Parraga 2 months
Thanks for the article. This is a must when having servers facing the Internet. @ Pablo Thanks for the correction. I am having CentOS 6.5
x64 and had the same problem there on Step 4.: ## Allow root to run any commands anywhere root ALL=(ALL) ALL Also, Shift + ZZ
worked for me in "vi" editor. On Step 5: I always do a copy of the file in case I need to go back to it: cp /etc/ssh/sshd_config{,.bck} Then I
just edit the normal /etc/ssh/sshd_config file.
techspecx 29 days
@Kamal I changed everything according to the article. If I make those changes I cannot login with SSH and it asks me for a password.