CentOS: Getting Started

Once you have a VPS set up, the first thing you will need to do is log in to it.
Log in to your VPS using the credentials sent to you.
If you are using Windows, download PuTTY: “PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.”

Step 1 – Root Login

If using PuTTY, just insert the server_ip_address in the IP field and hit connect, which will open up the terminal.

Using a Linux terminal, just input the following command.

[user@localhost ~]$ ssh root@server_ip_address

You will be prompted for a password or a private key, depending on your choice; enter it to complete the login process.
root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.

We will want to update the server and add a few packages that we’ll want later.

[root@remotehost ~]# yum -y update && yum -y install sudo vim tmux

Step 2 – Add User

Ultimately we don’t want to use the root user all the time, or at all for that matter. We will add a new user ‘naurus’ and give that user root (sudo) privileges.

[root@remotehost ~]# useradd naurus && passwd naurus
Changing password for user naurus.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@remotehost ~]#

A password prompt will come up; be sure to use a strong password, then type the password again.

Step 3 – Add User to Wheel

We will now add the user ‘naurus’ to the wheel group so he can run root commands.

[root@remotehost ~]# usermod -aG wheel naurus

usermod is the command to modify user attributes. The -G switch names the supplementary group (wheel) that ‘naurus’ is added to, and the -a switch appends that group to the user’s existing groups, so ‘naurus’ is not removed from his original group.

Step 4 – Key Authentication

There are 2 methods of creating an authentication key pair: the first uses a terminal on your local machine and the second uses PuTTY.

In all cases we need to create a .ssh directory and give it permissions 0700, and create 2 files in there, id_rsa and authorized_keys, which we will give permissions of 0600.

[root@remotehost ~]# su - naurus
[naurus@remotehost ~]$ mkdir ~/.ssh && chmod 0700 ~/.ssh
[naurus@remotehost ~]$ touch ~/.ssh/{id_rsa,authorized_keys}
[naurus@remotehost ~]$ chmod 0600 ~/.ssh/{id_rsa,authorized_keys}
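
An added example, not part of the original walkthrough: with StrictModes (the sshd default), sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is group- or world-writable or owned by someone other than the user or root, so this script audits those three paths. The function name and the throwaway directory are constructed for illustration, and it relies on GNU stat as shipped on CentOS.

```shell
#!/bin/sh
# Added example: audit the paths sshd checks under StrictModes.

# audit_ssh_perms HOME_DIR [UID]: print one line per problem, return 1 if any.
audit_ssh_perms() {
    home=$1; uid=${2:-$(id -u)}; rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        owner=$(stat -c '%u' "$path"); mode=$(stat -c '%a' "$path")
        # Owner must be the account itself or root (uid 0).
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER    $path (uid $owner)"; rc=1
        fi
        # Octal test for the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path (mode $mode)"; rc=1
        fi
    done
    # The walkthrough's stricter targets: 0700 on .ssh, 0600 on the key file.
    for want in "700 $home/.ssh" "600 $home/.ssh/authorized_keys"; do
        path=${want#* }
        [ -e "$path" ] || continue
        mode=$(stat -c '%a' "$path")
        if [ "$mode" != "${want%% *}" ]; then
            echo "MODE     $path is $mode, expected ${want%% *}"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a throwaway directory standing in for /home/naurus.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh" && touch "$demo_home/.ssh/authorized_keys"
chmod 0755 "$demo_home"; chmod 0700 "$demo_home/.ssh"
chmod 0600 "$demo_home/.ssh/authorized_keys"
audit_ssh_perms "$demo_home" && echo "clean: $demo_home"
chmod 0775 "$demo_home/.ssh"          # simulate a too-permissive directory
audit_ssh_perms "$demo_home" || echo "problems found"
rm -rf "$demo_home"
```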

Method 1 – Create SSH Key Pair using Terminal

Under Linux, open another terminal on your local machine and use the following command to create a public/private key pair.


[user@localhost ~]$ ssh-keygen -f ~/.ssh/id_rsa -t rsa -b 4096
Generating public/private rsa key pair.
/home/user/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EvZ2zEGSgkJpiHk2d/TR9cfWNV1Z2vVLb49a2MbNlj8 user@localhost
The key's randomart image is:
+---[RSA 4096]----+
|.+.. o. oo... .X|
|+ B o o..+. . =B|
| + + .o.. . o.B|
| . o o . .oo|
| . S + .o|
| o . + =o|
| . *.=|
| + E.|
| . o|
+----[SHA256]-----+

The algorithm is selected using the -t option and the key size using the -b option; the -f switch creates the file id_rsa in the .ssh directory. Another file, id_rsa.pub, is created in the process; this is the public key. Copy id_rsa.pub to authorized_keys, leaving id_rsa.pub in place because ssh-copy-id reads it in the next step.

[user@localhost ~]$ cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

To use public key authentication, the public key must be copied to a server and installed in an authorized_keys file. This can be conveniently done using the ssh-copy-id tool, like this:

[user@localhost ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub naurus@server_ip_address

After the key has been installed, log into the server using the new user account.

[user@localhost ~]$ ssh -l naurus server_ip_address

Method 2 – Create SSH Key Pair using PuTTY

The following site explains well how this is done. Follow the guide to create your key pair using PuTTY under Windows.

https://www.ssh.com/ssh/putty/windows/puttygen

Step 5 – SSH Config

Now we need to make a few changes to the SSH configuration file: first we want to block root access to the SSH daemon, and second we want to disallow password authentication and enable key authentication. That way we will log in to the shell with the key pair we created earlier instead of naurus’s password.

To do this we will again connect to the remote host as ‘naurus’, the new user we created before, using the following command:

[user@localhost ~]$ ssh -l naurus server_ip_address

Once logged in over SSH, we will start an interactive sudo session and open the SSH configuration file for editing. Before we start editing the file, let’s make a backup of it first.

[naurus@remotehost ~]$ sudo -i
[sudo] password for naurus:
[root@remotehost ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@remotehost ~]# vim /etc/ssh/sshd_config

To block root access to the SSH Daemon we will look for the following line

#PermitRootLogin yes

We will want to remove the comment ‘#’ and replace the yes with a no. Type the letter i to start edit mode in vim, then delete the comment and replace yes with no. Press the Esc key to exit edit mode and type :wq to save the file and quit vim. The end result will look like this.

PermitRootLogin no

To disallow password authentication we will look for the following line, remove the comment in front of it and replace the yes with a no

#PasswordAuthentication yes

So it will look like this

PasswordAuthentication no
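
An added example, not part of the original walkthrough: before restarting sshd, this script reads the value sshd would actually use for the two keywords edited above. sshd keeps the first value it obtains for each keyword, so an earlier leftover line shadows a later one. Function names and sample files are constructed; lines are assumed to be in plain "Keyword value" form, and Match blocks and Include files are out of scope.

```shell
#!/bin/sh
# Added example: report the effective global value of sshd_config keywords.
# Keywords are case-insensitive, '#' lines are comments, first value wins.

# effective_value FILE KEYWORD: print the first uncommented value, lowercased.
effective_value() {
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }   # global section ends at first Match
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$1"
}

# check_hardening FILE: return 0 only if both Step 5 settings resolve to "no".
check_hardening() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK    $kw no"
        else
            # An absent keyword means the built-in default applies.
            echo "FAIL  $kw ${val:-<not set, default applies>}"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not real server configurations).
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$tmp/shadowed"
printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication no' > "$tmp/hardened"

check_hardening "$tmp/shadowed" || echo "=> the later 'no' is shadowed by the first 'yes'"
check_hardening "$tmp/hardened" && echo "=> both settings are off"
rm -rf "$tmp"
```

On the server itself, `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the configuration sshd resolves, including defaults.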

Restart SSH Server

For the changes to take effect the SSH server has to be restarted. Restart it using the following command.

[root@remotehost ~]# systemctl restart sshd

Before logging out of the server, make sure that everything works so that you don’t lock yourself out. Open a new terminal window and log in to the server again; if you’re logged in using the key pair authentication then you’re all set. If not, go back through this walkthrough to make sure you haven’t missed anything.

Then exit the interactive sudo we invoked earlier

[root@remotehost ~]# exit
[naurus@remotehost ~]$

What to do next?

I suggest that you follow my next walkthrough on how to install LEMP stack on your server to start serving content.

Also should you be interested in installing a VPN or even a Proxy for your server.