The basic settings of a VPS server with CentOS 7 are similar to those in Ubuntu. The steps below will increase server security with CentOS 7. I must specify that all tests and installations from both this article and the following are made on a VPS server purchased from mvps.net but should work smoothly on any VPS server or dedicated with CentOS. At the same time, the system I connect to the server is Linux, but probably the same commands also work for Windows with Putty.
Step 1 – connect as root
The first connection will be made through ssh as root, using the public IP address of the server:
You will be asked if you sure you want to continue connecting (yes/no)? You will type yes and then you will be prompted for the root password on the VPS server (no keystrokes will appear when typing the password, so be careful when pressing the keys).
Superuser (or root) is the user with administrative rights in a Linux environment. For this reason, it is not recommended to use the root account for current activities on a Linux server – using the root user, a simple accident/inadvertently destroys a Linux server.
Step 2 – Add a new user
Just because the root superuser can cause inconvenience, it is advisable to add a normal user to which we will then grant root privileges. The command below will create the demo user:
We will set the new user’s password with the command:
We will be asked to enter the chosen password twice:
# passwd demo
Changing password for user demo.
Retype new password:
passwd: all authentication tokens updated successfully.
Step 3 – Setting the administrative privileges for the new user
At this moment, we have the superuser root and the demo user with the usual privileges on the server. We need to grant administrative privileges to the new user. For this, we will add the new demo user to the wheel group:
gpasswd -a demo wheel
Now, the demo user can execute commands with root privileges using sudo before the command itself. As a minimal CentOS 7 server, the sudo command is not installed; as a root, we will run the command:
yum install sudo
To check the new user’s privileges, we will change from the root user to the demo user with the command:
su – demo
Now, we’ll find ourselves in the demo user’s home directory.
Our CentOS 7 system is outdated. For verification, we will issue the /etc/*-release command.
It is necessary to update the system with the command sudo yum update (so we also check the functioning of the administrative rights for the newly created demo user).
Step 4 – Configure the SSH daemon
We need to secure the new server a bit, forbidding the connection as root through ssh. This will only be allowed for the new demo user. To avoid using the vi editor, we will install nano:
sudo yum install nano
With nano, we will edit the following file:
sudo nano / etc / ssh / sshd_config
We will look for the line (remind: searching in the nano text editor is done by pressing CTRL + W):
We will break this line by wiping the # character and write no instead of yes to look like this:
This change requires reloading the SSH daemon:
sudo systemctl reload sshd
Before we log out of the server, we need to check the new settings. We will open a new terminal and we will type:
We should receive a message like the one below:
Permission denied, please try again.
Next, we will write the following command to connect with the newly created demo user:
We should connect now to our VPS server with CentOS 7 without any problems.
Step 5 – Setting the timezone
Once connected to the VPS server, we give the date command and we will receive a message that shows the time of the server. As it is not the one we want, we need to tell the server what date and time it actually is and use the timedatectl command:
sudo timedatectl set-timezone continent/country
At a new data command or sudo timedatectl, we will get the answer with the correct date and time.
Set up NTP sync
We want our VPS server with CentOS 7 to be constantly upgraded with the accurate time. To do this, we will install NTP with the following command:
sudo yum install ntp
We also need to start the service for the current session and enable it to start at each server restart:
sudo systemctl start ntpd
sudo systemctl enable ntpd