When you first create a CentOS 7 server on a VPS, there are some basic configurations that you need to apply to improve server security.
In addition, this basic configuration will make it easier for you to install packages later. There are at least six basic configurations you should do. We will explain them one by one in this article.
The following are the initial steps of the CentOS 7 VPS configuration:
1. Root Login
Root login is used to log in to the server. You can find the login details in the panel or in the email you received when you bought the VPS.
If you're using Windows, you'll need an app like PuTTY. Enter the IP in the Host Name (or IP address) box and click Open.
Next, a "login as" prompt will appear. Enter the user, then enter the password that was given via email when purchasing the VPS.
As for Linux and Mac, you can use the terminal, which is built into the operating system. Enter the command below to log in to the server.
$ ssh root@server_IP_Anda
When the connection is made, you will receive a warning about the authenticity of the host.
After accepting with YES, you will be asked to enter your user (login as) and password.
If this is your first time logging in to your server with a password, you can find the password in the admin contact email that you used to purchase your VPS at Exabytes. That email contains the full information for SSH login.
2. Update and Upgrade Server
After logging in to the server, you need to update and upgrade the server so that the programs and applications you use do not run into errors.
On a CentOS 7 server the yum update and yum upgrade commands have the same function, which is to update packages to the latest version. The difference is that yum upgrade will remove old packages, while yum update will retain existing packages. In this tutorial, we use yum update because we want to keep the existing packages. Enter the following command.
# sudo yum update
Next, the total size of the packages to be installed will appear. You can press Y and ENTER to continue the installation.
3. Create a New User
After logging in as root, you can add a new user account that you can later use to log in to the server. The new user adds a level of security when logging in, so that not just anyone can log in to your VPS server. In addition, separate users also simplify server management.
In the example below, we created a new user with the name "dev". You can create a user with a name that suits your wants and needs:
# adduser dev
Next, set a password for the new user you have created (replace the dev user with the user you have created).
# passwd dev
Done, you have successfully created a new user. You can repeat the commands above to add more users as needed.
4. Add Public Key Authentication
The next step in securing your server is to set up Public Key Authentication for your new users. Public Key Authentication provides convenience and security for logging in via SSH because users do not need to enter a username and password as usual (which is prone to brute-force attacks).
To set up Public Key Authentication, you need to generate an SSH Key Pair. Here is how to do it:
Generate a Key Pair
To generate a New Key Pair SSH, enter the following command in your terminal:
# ssh-keygen
Assuming your local user is called "Local User", you should see output that looks like the following:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Press ENTER to accept the name and path of this file.
Next, you will be prompted to enter a passphrase to secure the key. You can enter a passphrase or leave the passphrase blank.
You have successfully created a Key Pair consisting of a Private Key, id_rsa, and a Public Key, id_rsa.pub.
You can see both files, the Private Key id_rsa and the Public Key id_rsa.pub, in the .ssh directory.
Notes:
If you leave the passphrase blank, you will be able to use the private key to authenticate without entering a passphrase. If you enter a passphrase, you will need both the private key and the passphrase to log in. Securing your key with a passphrase is more secure, but both methods have their uses and are more secure than basic password authentication.
Copy the Public Key
After successfully creating the Key Pair, you now need to copy the Public Key to your new server. There are two ways to copy this Public Key: using ssh-copy-id, or manually. Choose whichever of the methods below you find easier.
Option 1 - Use ssh-copy-id
Run ssh-copy-id using the command below. (Replace IP_server_Anda with your server's actual IP address.)
# ssh-copy-id dev@IP_server_Anda
Next, you will be asked to enter the user password that you have created. After that, your Public Key will be added to .ssh/authorized_keys for remote users. Now the Public Key can be used to log in to the server.
Option 2 - Install Manually
Another way to copy the Public Key is manually. Run the command below to display your Public Key (id_rsa.pub).
# cat ~/.ssh/id_rsa.pub
This will display your Public Key, which will look like the following:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2JKuvHbEnEr7n2VbT48+feqkQxKOuQ+HwKJDSTTAnFr8IMa9xwvCvKMh6u/Cgej6fb7OAeCd77ExFsYCE+e6ny4935sg119H3qa1C3ZGH/OWSAsihRpGrsIMxle+PL38T9ExMmeiYB+VWt7X/s63//Fg8Pz5NekRGGd514qclyXtbP50KQ/Vno6R3usSfv01a8c4RD4tCCAEFaIzUovT/WO8n9ia6Wztm9dxqlVNHJj0zTta/0szhCanIFTbm1bHeXcJCLYrs+QootWGPyvhORHjkC0+7KMkA51OiCTAOV7xNpWOWYlJ85dw5H2E6/riyH513gNo0u7YnKA0ekZDJ root@dapitkurniawan.io
You must add the Public Key above to a special file in the new user's home directory on the server. Only the Public Key, id_rsa.pub, is added; the Private Key, id_rsa, stays on your local machine. Here's how to add it:
If you are still logged in as root, enter the following command to switch to a new user:
# su - dev
You will now be in the new user's home directory.
Create a new directory called .ssh and restrict its permissions with the following command:
# mkdir ~/.ssh
# chmod 700 ~/.ssh
Now open the file called authorized_keys in the .ssh directory with a text editor. We will use nano to edit the file; once it is open, paste your Public Key into it, then save and close the file.
# nano ~/.ssh/authorized_keys
Type this command to return to the root user:
# exit
Done, you have now successfully added Public Key Authentication to the server.
5. Disable Password Authentication
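The manual steps of Option 2 as one script, added here as an example and not part of the original article: it creates .ssh with mode 700 and authorized_keys with mode 600, refuses a file that contains a private key, and skips a key that is already installed. The function name install_pubkey and its arguments are hypothetical; run it as the new user so the files are owned by that account.

```shell
#!/bin/sh
# Added example (not from the original article). install_pubkey and its
# arguments are hypothetical names.

# install_pubkey HOME_DIR PUBKEY_FILE
# Returns 0 on success (or if the key is already present), 1 on bad input.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    auth_file="$home_dir/.ssh/authorized_keys"

    [ -d "$home_dir" ] && [ -r "$pubkey_file" ] || return 1

    # Never upload a private key: id_rsa stays on the local machine.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # Take the first non-empty line and require a known public-key type.
    key_line=$(grep -v '^[ 	]*$' "$pubkey_file" | head -n 1)
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # 700 on the directory and 600 on the file: with StrictModes (the sshd
    # default) looser permissions can make sshd ignore the key.
    mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
}

# Usage, as the new user: install_pubkey "$HOME" /tmp/id_rsa.pub
```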
You can increase the security of your server by disabling password authentication. Doing so will restrict SSH access to your server to Public Key authentication only. This means that the only way to get into your server apart from the console is by having a Private key.
To disable password authentication on your server, follow these steps.
# nano /etc/ssh/sshd_config
Find the line that specifies PasswordAuthentication, remove the # sign, and then change the value to "no" so that the line reads PasswordAuthentication no.
Here are two other settings that are important for key-only authentication and are set by default. If you haven't changed this file before, you don't need to change these settings:
When you are done making changes, save and close the file by pressing Ctrl+X, then Y, then ENTER.
Type this to reload SSH so the change takes effect:
$ sudo systemctl reload sshd
Now password authentication is disabled. Your server is now only accessible with SSH key authentication.
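A check for the edit made in this step, added here as an example and not part of the original article: it reads sshd_config the way sshd does (commented lines ignored, first occurrence of a keyword wins, Match blocks excluded from the global value) and reports whether password logins are really off. The helper names effective_value and check_key_only are hypothetical, and PubkeyAuthentication is assumed to be one of the related settings, since the article does not name them.

```shell
#!/bin/sh
# Added example, not from the original article. effective_value and
# check_key_only are hypothetical helper names.

# effective_value CONFIG KEYWORD
# Prints the global value sshd would use for KEYWORD. Per sshd_config(5):
# keywords are case-insensitive and the first obtained value is used.
# Commented lines are skipped; parsing stops at the first Match block.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            # sshd also accepts "Keyword=value"; normalise "=" to a space.
            if (match($0, /^[ \t]*[A-Za-z0-9]+[ \t]*=/))
                $0 = substr($0, 1, RLENGTH - 1) " " substr($0, RLENGTH + 1)
            kw = tolower($1)
        }
        kw == "match" { exit }
        kw == tolower(want) { print $2; exit }
    ' "$1"
}

# check_key_only CONFIG
# Returns 0 only when password logins are off and key logins are on.
check_key_only() {
    pa=$(effective_value "$1" PasswordAuthentication)
    # Arguments are case-sensitive, so only lowercase "no" counts.
    if [ "$pa" != "no" ]; then
        echo "PasswordAuthentication is '${pa:-unset, default yes}'" >&2
        return 1
    fi
    pk=$(effective_value "$1" PubkeyAuthentication)
    if [ "${pk:-yes}" != "yes" ]; then
        echo "PubkeyAuthentication is '$pk'" >&2
        return 1
    fi
    return 0
}

# Usage on the server: check_key_only /etc/ssh/sshd_config
```

On the server itself, sshd -t validates the file before the reload, and sshd -T prints the configuration the daemon will actually use.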
6. Test Log In
Before logging out of the server, you should test your new configuration. Do not disconnect until you confirm that you can log in via SSH.
Here's how to confirm that your new configuration works:
Log in to your server using the new account you created. To do so, use this command if you are using Linux or Mac OS:
# ssh dev@IP_Server_Anda
If you are using Windows, you can open PuTTY and do a test login with the user you have created.
If you added Public Key authentication for the new user, as described in steps four and five, your Private Key will be used for authentication. Otherwise, you will be prompted for your user password. Once you have authenticated to the server, you will be logged in as the new user.