When you first begin to access your fresh new virtual private server, there are a few early steps you should take to make it more secure. Some of the first tasks can include setting up a new user, providing them with the proper privileges, and configuring SSH.
Once you know your IP address and root password, login as the main user, root. Use the following command (replace the highlighted numbers with your own IP address):
ssh [email protected]172.22.10.100
The terminal will show something like the following:
The authenticity of host '
172.22.10.100)' can't be established. ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0. Are you sure you want to continue connecting (yes/no)?
Go ahead and type yes, and then enter your root password.
Note: It is not encouraged to login as root on a regular basis, and this tutorial will help you set up an alternative user to login with permanently.
Create a New User
After you have logged in and changed your password, you will not need to login again to your server as root. In this step we will make a new user, with a new password, and give them all of the root capabilities.
First, create your user; you can choose any name for your user. Here is to create a new user, “operator” (replace “operator” with your own username):
Second, create a new user password (again, substitute “demo” with the user that you just created):
As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.
When you perform any root tasks with the new user, you will need to use the phrase “sudo” before the command. This is a helpful command for 2 reasons: 1) it prevents the user from making any system-destroying mistakes 2) it stores all the commands run with sudo to the file ‘/var/log/secure’ which can be reviewed later if needed.
Let’s go ahead and edit the sudo configuration. This can be done through the default editor, which in CentOS is called ‘vi’:
Find the section called user privilege specification.
It will look like this:
# User privilege specification root ALL=(ALL) ALL
Under the details of root’s privileges, add the following line, granting all the permissions to your new user (to began typing in vi, press “i”):
demo ALL=(ALL) ALL
Esc to stop editing, then
Enter to save and exit the file.
Configure SSH (OPTIONAL
Now it’s time to make the server more secure. These steps are optional. They will make the server more secure by making login more difficult.
Open the configuration file:
sudo vi /etc/ssh/sshd_config
Find the following sections and change the information where applicable:
Port 25000 PermitRootLogin no
We’ll describe these changes, line by line:
- Port: although port 22 is the default, you can change this to any number between 1025 and 65536. In this example, we are setting the SSHD port to 25000. Make sure you make a note of the new port number. You will need it to login in the future, and this change will require users to know to use port 25000 to connect to your server via SSH
- PermitRootLogin: change this from yes to no to stop future root login. You will now only login as the new user
If you would like to restrict SSH access a particular user, add this line to the bottom of the document (replace “demo” with your username):
Then save and exit.
Before your SSH configuration changes will take effect, you must reload the SSHD service:
sudo systemctl reload sshd.service
To test the new settings (don’t logout of root yet), open a new terminal window and login into your virtual server as your new user. Be sure to substitute in your own username and IP address (and port, if you changed that setting):
ssh -p 25000 email@example.com
Your prompt should now say: