Initial User and Server Setup CentOS 7

Initial User and SSH Setup for InterServer's VPS Hosting CentOS 7 Minimal 64-Bit

Requirements:

  • InterServer’s OpenVZ VPS Hosting with CentOS 7 64-bit (instructions are for minimal distribution, but should work for regular distribution as well).
  • Putty or similar SSH client
  • root login and password

Initial User Setup

As the distribution name implies, this minimal distribution comes with no bells and whistles. As the server administrator, you will be expected to install any programs you may need. It’s important to realize this, since instructions for the regular CentOS 7 distribution may differ slightly.

Setting up your user environment makes sense, since this will aid in securing your server. Better safe than sorry!

Before we start. We will be making changes to restrict unauthorized access to your server. This means you could accidentally lose partial or full access to the server. This should not be attempted on a live production server, without first trying it on a test or new server to make sure it works. We cannot help you if something goes wrong. Please be careful.

First, let’s get all the updates for the distribution. Make sure you are logged in as root (your prompt will say root@servername and # to the right of the prompt). If you are not root, you will need to add sudo to each command you issue (sudo apt-get update).

  • Run yum update This will download any security or bug fix updates. Always start with this, since you may run into bugs that have already been fixed.
    If prompted, answer Y for yes,
  • Run yum upgrade Let’s upgrade any packages that may have deprecated.
    If prompted, answer Y for yes

At this point, you are ready to begin. You will need an editor, and nano is easy to learn and use (If at any point you received a message that the package was already installed, just skip to the next step):

  • Run yum install nano
  • Test by opening a file. You can try nano testfile Exit file by typing the combination ctrl-x

The sudo program will be required for giving users privileges. Without it, you will need to be logged in as root every time you need elevated privileges.

  • Run yum install sudo Before we can test sudo, will need to add a user

  • Run yum install dialog This will allow for installations to go smoother with a slightly upgraded interface.

We now have the tools necessary for the next steps. Lets add you as a user.

Add user

  • You can add users by typing adduser username
  • Give the user a password passwd username
  • Since this user will be a part of the wheel group, and have the ability to sudo (elevated privileges), you should pick a secure password. If a hacker figures out the password, your site will be damaged, or worse.
  • You may enter additional user information. You can leave these blank by hitting enter when prompted each time.

Add to wheel

  • Issue the command gpasswd -a username wheel
  • gpasswd -a will add a user to the group (wheel). gpasswd -d will delete a user from the group (wheel).
  • Members of the sudo group may become root, by typing ‘sudo su’ - Will test this later.

Why did we do this?

We have just created a user that will have the same abilities as root. One of the problems with having a root user available for remote connections, is that half of the login password scheme is already guessed. If I wanted to take over your server, I would try the root account first. Then try to guess at your password. I could try different types of brute-force attack strategies, utilizing root as the login. If there are no additional defenses, I can try a script to do dictionary attacks, use common words, and common passwords. This script could run thousands of combinations per minute, until it finds the correct combination.

Let’s defend against that, by disabling remote logins as root. Luckily for us, this is just a setting in the ssh configuration file.

Configure SSH

  • Let’s edit the sshd configuration file by typing: nano /etc/ssh/sshd_config
  • Will need to find the line that says #PermitRootLogin yes and change it to PermitRootLogin no (the # is erased).
  • Type the key combination Ctrl-x and type y to accept the change. Press Enter
  • Very Important: Test the new account we created before making the change official. We don’t want to lock ourselves out later. Open a new ssh session (we use Putty). Log on to your server as the user you just added.
  • Try gaining root, by typing sudo su
  • Enter the password of the user you just added. If everything went as planned, your prompt will say root@servername, and have a # after your login name.
  • (Optional) You can try running a command that requires elevated privileges, without using sudo. Type yum update If it runs, your user was setup correctly, and we can logoff by typing exit until the connection is closed.

Restart SSH

  • Type systemctl reload sshd

Congratulations! You have just taken the first step in shoring up your server. You should also consider a firewall and fail2ban to better secure your server.

This website is supported by our affiliation with web hosting companies. We encourage you to visit our friends at Interserver. They really do offer $6 per month VPS Hosting. Linux, windows and cpanel available, have super fast service, and they care about their customers!

See more articles in: Instructions, Security, InterServer, CentOS

comments powered by Disqus