When you first begin to access your fresh new virtual private server,
there are a few early steps you should take to make it more secure. Some
of the first tasks can include setting up a new user, providing them
with the proper privileges, and configuring SSH.
Root Login
Once you know your IP address and root password, log in as the main user, root. Use the following command (replace the IP address with your own):
ssh root@172.22.10.100
The terminal will show something like the following:
The authenticity of host '172.22.10.100 (172.22.10.100)' can't be established.
ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?
Go ahead and type yes, and then enter your root password.
Note: Logging in as root on a regular basis is not encouraged, and this tutorial will help you set up an alternative user to log in with permanently.
Create a New User
After you have logged in and changed your password, you will not need to log in again to your server as root. In this step we will make a new user, with a new password, and give them all of the root capabilities.
First, create your user; you can choose any name. The following command creates a new user, "operator" (replace "operator" with your own username):
adduser operator
Second, create a password for the new user (again, substitute "operator" with the user that you just created):
passwd operator
Root Privileges
As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.
When you perform any root tasks with the new user, you will need to put "sudo" before the command. This is a helpful command for 2 reasons: 1) it prevents the user from making any system-destroying mistakes, and 2) it logs all the commands run with sudo to the file '/var/log/secure', which can be reviewed later if needed.
Let’s go ahead and edit the sudo configuration. This can be done through the default editor, which in CentOS is called ‘vi’:
visudo
Find the section called user privilege specification.
It will look like this:
# User privilege specification
root ALL=(ALL) ALL
Under the details of root's privileges, add the following line, granting all the permissions to your new user (to begin typing in vi, press "i"):
operator ALL=(ALL) ALL
Then press Esc to stop editing, then :, then wq, then Enter to save and exit the file.
Configure SSH (OPTIONAL)
Now it’s time to make the server more secure. These steps are optional. They will make the server more secure by making login more difficult.
Open the configuration file:
sudo vi /etc/ssh/sshd_config
Find the following sections and change the information where applicable:
Port 25000
PermitRootLogin no
We’ll describe these changes, line by line:
- Port: although port 22 is the default, you can change this to any number between 1025 and 65536. In this example, we are setting the SSHD port to 25000. Make a note of the new port number: you will need it to log in in the future, and users will have to know to use port 25000 to connect to your server via SSH.
- PermitRootLogin: change this from yes to no to stop future root logins. You will now log in only as the new user.
AllowUsers operator
Then save and exit.
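An added example, not part of the original tutorial: a shell check to run against the edited file before reloading sshd, confirming that the first PermitRootLogin value is no and that your account is on an AllowUsers line. The function names, the sample files and the user "deploy" are constructed for illustration; it assumes whitespace-separated keywords and does not follow Include files.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings made in this tutorial.
# Assumptions (not from the original page): keyword and value are separated by
# whitespace, Include files are not followed, and parsing stops at the first
# Match block because settings below it apply only conditionally.

# Print every value given for keyword $2 in file $1, one per line.
# Keywords are case-insensitive; comment and blank lines are skipped.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# Return 0 only if root login is disabled and user $2 is on an AllowUsers line.
audit_sshd_config() {
    cfg=$1; user=$2; rc=0
    # sshd keeps the FIRST value it reads for a single-valued keyword, so a
    # "PermitRootLogin no" added below an earlier "yes" changes nothing.
    prl=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    [ "$prl" = "no" ] || { echo "FAIL PermitRootLogin is '${prl:-unset}'"; rc=1; }
    # AllowUsers lines accumulate; plain user names only are matched here.
    sshd_values "$cfg" AllowUsers | tr ' ' '\n' | grep -qx "$user" ||
        { echo "FAIL $user is not in AllowUsers"; rc=1; }
    echo "INFO Port: $(sshd_values "$cfg" Port | tr '\n' ' ')"
    return "$rc"
}

# Constructed sample files, not taken from a real server.
good=$(mktemp); bad=$(mktemp)
trap 'rm -f "$good" "$bad"' EXIT
printf '%s\n' 'Port 25000' 'PermitRootLogin no' 'AllowUsers operator' > "$good"
printf '%s\n' '#PermitRootLogin no' 'permitrootlogin yes' \
    'PermitRootLogin no' 'AllowUsers deploy' > "$bad"

audit_sshd_config "$good" operator && echo "good: pass"
audit_sshd_config "$bad" operator || echo "bad: rejected"
```

On the server itself, call audit_sshd_config /etc/ssh/sshd_config with your own username; sudo sshd -t additionally checks the file for syntax errors before the reload.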
Reload SSH
Before your SSH configuration changes take effect, you must reload the SSHD service:
sudo systemctl reload sshd.service
To test the new settings (don’t log out of root yet), open a new terminal window and log in to your virtual server as your new user. Be sure to substitute in your own username and IP address (and port, if you changed that setting):
ssh -p 25000 operator@172.22.10.100
Your prompt should now say:
[operator@hostname ~]$