Setting up your server with CentOS 7: Steps and Guidelines

Tips on the first steps you should be taking with your CentOS 7 Server

Blue Light Tech

The steps we will go through are as follows:

  1. Creating the Server
  2. Root Login
  3. Creating a New User
  4. Add Root Privileges
  5. Public Key Authentication
  6. Disable Root Login

Creating the Server

So you’ve bought one of our packages, and are now wondering the best way to get started with your newly provisioned server. Well we’ve put together a quick guide, of how to create your CentOS 7 Cloud server, and the most important first steps to take before you get into your project.

  1. Please note we already have OS templates ready to be installed on your Cloud, so you won’t need to download any. To get started, go to the Cloud Services from your Control Panel.
  2. Click on 'Add New Server' and choose the configuration settings for your new server.
  3. A progress bar will show, as our systems get your Cloud server configured correctly.
  4. You will then reach this screen, showing the state and other information on your server. The On/Off toggle shows that the server is up and running. The Hostname was chosen when creating the server, along with the IP Address allocated to it.

Root Login

While creating the server, an account was opened just for you as the Administrator of the server. The name for that is known as root. As a root user, you have full access, privileges and control over the server. So, before you can access the server, make sure you have the root password. Take this password and start up your ssh client (e.g Putty) Download Putty

If you do not know what a ssh client is or how to connect, please refer to our article here...()

  1. Once you are logged-in, change your password by typing the following command:
    passwd root
  2. You will be asked for a new password for the root user twice.

Creating a New User

It is not enough to change the password of the root user, it is also necessary to create another user account with lower privileges to use to login via ssh.

Lets create another user.

  1. In the terminal, type the following code:
    adduser demo

    (choose your own name for the user)

  2. Next, assign a password to the new account demo by typing
    passwd demo

    Ensure this is a strong password (using a Random Password Generator can help, such as PasswordGenerator )

Add Root Privileges

  1. Type:
    gpasswd -a demo wheel

    What this command does is gives your new user the root (super) privileges. The 'wheel' in the code is the 'group' that designates this power. Any user in the group, according to Centos 7 has the ability to act like root by adding 'sudo' as the prefix to any command they give.

Public Key Authentication

This change makes your server much more secure. What we will be doing is ensuring that logins take place from only the locations that have the private key. This improves security since the server will be taking login access from only the footprints of your computer.

We shall be making use of a program known as PuttyKey Generator (A.K.A PuttyGen).Download your preferred version here. With this program, we shall be generating 2 sets of keys, one public and the other, private. The public key will be saved on the server while the private key will be saved on our local machine. Once the 2 keys match, access is granted.

  1. Begin by running PuttyGen
    1. Under Parameters, select the type of key (preferably SSH -2 RSA) and also type in the number of bits you want (the default is 2048 but you can increase it to 4096).
    2. After this, click on the 'Generate' button.
    3. Then add a comment and/or passphrase. Passphrase adds another layer of security and will be asked for before the keys are auto-loaded during authentication. This is not compulsory.
    4. Once you are through, save the 2 keys separately.

      Important: If you lose your private keys, you may not be able to access your server again!

    5. Scroll up and right-click on the text field that says: 'Public key for pasting into OpenSSH authorized_keys file '. And 'Select All'. Right click again and choose 'Copy'
  2. Now that you have successfully generated your keys, its time to save the newly copied 'Public key' to the server.
    1. Login and type the following code to create a directory for the keys:
      mkdir ~/.ssh
    2. Secure it by typing
      chmod 0700 ~/.ssh
    3. To create the file, now type:
      touch ~/.ssh/authorized_keys
    4. Secure it by:
      chmod 0644 ~/.ssh/authorized_keys
    5. Now, open that file by typing:
      nano ~/.ssh/authorized_keys
    6. Now paste the copied key here by pressing 'Ctrl + Insert' from your keyboard

      Note, the beginning of the keys should be ssh-rsa

    7. Save the file by pressing Ctrl + O and exit by pressing Ctrl + X
    8. You’ll now need to restart the ssh service with the command:
      service sshd restart
  3. Now that the public keys have been saved, lets save the private keys to your local computer.
    1. Fire up your local SSH login console (e.g. Putty)
    2. Type in the IP address of your server and port number in their respective fields.
    3. Look towards the right and expand the 'Connection' Toggle

      Click also on 'SSH' to expand, then select 'Auth'.

    4. In the window, you will see 'Private Key file for authentication' Browse to the location of the private key you saved earlier and select it.
    5. Now, go back to the Session Category and click on 'Save'
  4. You can test this setup by simply accessing the server again via the putty program. You will notice that there is no more need to login with your password.

Disable Root Login

A final step to secure up your SSH, is to make a modification to the SSH Daemon configuration, which will prevent logins as the root user. This is more secure, and allowing root logins is unnecessary now that we have our new user who can escalate permissions.

  1. To get started, fire up your putty again and type this:
    nano /etc/ssh/sshd_config
  2. While inside the file, scroll to where you will find:
    #PermitRootLogin yes
  3. Change it to:
    PermitRootLogin no

    Make sure you have removed the # sign, which uncomments the line and therefore activates the option.

  4. Reload the ssh server again by typing:
    service sshd restart
  5. Before we finish, we need to test this configuration and make sure that we haven’t denied ourselves access completely. The best way to do this is start up another Putty window, and ensure that you can still connect and login to the server.

What now?

You now have a secure configuration enabled on your server, so it’s ready for you to proceed with your project. We have a range of guides that can help with common setups, such as a LAMP server for hosting a website, and also guides on best practices with your setups, so head back to our Knowledge Base for further tips.


ACoarIrono - 02/10/2017 11:48:47

The ED caused by that surgery could be either temporary or permanent. Thus, in the event the muscles inside the penile area are relaxed, more blood will type in the penis and a bigger harder erection will occur.

Blue Light Tech - 02/11/2015 14:24:18

Thanks for pointing that out Mark, we've updated it and it should be working for you now!

Mark Howard - 02/11/2015 14:20:44

Useful guide, especially helping with SSH keys.

The link for Putty needs updating, it doesn't work for me!