When I first obtained my VPS, I knew I had to secure it. I am going to provide you with some basic steps to boost the security of your server.
First, log in as the root user (there’s no other way, really) to your server:
Change Default Password
Once you’re in, change your default password sent to your email:
Create New User
Next, create a new user (e.g. luvelle); you will use this username to log in from now on:
Also, add a password for your new user:
Assign Root User to New User
Give your new user sudo privileges, so that it may perform certain actions on the root’s behalf:
This will allow you to edit the sudo configuration. Look out for the portion that specifies user privileges:
root ALL=(ALL) ALL
Add luvelle ALL=(ALL) ALL after that line, so that luvelle will have sudo privileges as well. (To begin typing, enter ‘i’ to insert text.)
After typing, press the ESC key, then type in ‘:wq’, followed by the Return key to save and exit vi.
Reconfiguring SSH is important to ensure that others, particularly bots, do not get to attempt to SSH into your server as a root user.
Open the configuration file:
We shall change the default SSH port number from 22 to 64000 (or pick any value from 1025 to 65535). We shall also disable root login. Change the following values:
Add the following at the end of the file to allow only your new user to SSH in:
Open the New SSH Port
You’ve got to make sure that your new SSH port is open before you reload your settings, otherwise, you’re just going to log yourself out of your server. To verify that the port is open, enter this into your terminal:
netstat has been deprecated in CentOS 7, so use
If your new port is not open, open your iptables file and configure it:
Add the following rule within your file:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 64000 -j ACCEPT
service iptables restart
Finally, reload your SSH service:
service sshd reload
Open a new terminal window now, and test your new settings! If you try to log in as root on the default port, you will receive a message saying that your connection has been refused. Try this instead:
ssh -p 64000 luvelle@your-ip-address
The -p option allows you to specify the port number.
You should be connected now! To switch to root user, just enter su -, and enter your root password.
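The SSH and iptables edits above can be checked together before the sshd reload, so a missing firewall rule or a typo in the user name does not lock you out. The script below is an added example, not part of the original post; the function names and the file locations passed to it are assumptions, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: pre-reload check for the sshd_config and iptables edits above.

# Print every value given for KEYWORD in the global part of an sshd_config
# (keywords are case-insensitive; lines after a Match line are conditional).
sshd_values() {   # usage: sshd_values KEYWORD FILE
    awk -v k="$1" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }
    ' "$2"
}

# Succeed if the iptables rules file accepts TCP connections on PORT.
port_allowed() {  # usage: port_allowed PORT RULES_FILE
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT" "$2"
}

# Return 0 only when reloading sshd would still let USER in on PORT.
check_ssh_change() {  # usage: check_ssh_change PORT USER SSHD_CONFIG RULES_FILE
    port=$1 user=$2 conf=$3 rules=$4 rc=0
    sshd_values Port "$conf" | grep -qx "$port" ||
        { echo "FAIL: Port $port not set in $conf"; rc=1; }
    [ "$(sshd_values PermitRootLogin "$conf" | head -n 1)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    sshd_values AllowUsers "$conf" | grep -qx "$user" ||
        { echo "FAIL: $user missing from AllowUsers"; rc=1; }
    port_allowed "$port" "$rules" ||
        { echo "FAIL: no ACCEPT rule for tcp/$port in $rules"; rc=1; }
    return $rc
}

# Constructed sample files mirroring the edits in the post (not real server files).
make_sample() {   # usage: make_sample DIR
    printf '%s\n' '#Port 22' 'Port 64000' 'PermitRootLogin no' \
        'AllowUsers luvelle' > "$1/sshd_config"
    printf '%s\n' \
        '-A INPUT -p tcp -m state --state NEW -m tcp --dport 64000 -j ACCEPT' \
        > "$1/iptables"
}

# Demo on the constructed files; on a server, pass your real file paths instead.
dir=$(mktemp -d) && make_sample "$dir"
check_ssh_change 64000 luvelle "$dir/sshd_config" "$dir/iptables" && echo "OK to reload sshd"
rm -rf "$dir"
```

Running sshd -t as root additionally checks the configuration file for syntax errors before the reload.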