When I first obtained my VPS, I knew I had to secure it. I am going to provide you with some basic steps to boost the security of your server.
Root Login
First, log in to your server as the root user (there’s no other way, really):
ssh root@your-ip-address
Change Default Password
Once you’re in, change the default password that was sent to your email:
passwd
Create New User
Next, create a new user (e.g. luvelle); you will use this username to log in from now on:
adduser luvelle
Also, add a password for your new user:
passwd luvelle
Give Root Privileges to New User
Give your new user sudo privileges, so that it may perform certain actions on root’s behalf:
visudo
This will allow you to edit the sudo configuration. Look for the portion that specifies user privileges:
root ALL=(ALL) ALL
Add the following after that line, so that luvelle will have sudo privileges as well:
luvelle ALL=(ALL) ALL
(To begin typing, enter ‘i’ to insert text.) After typing, press the ESC key, then type in ‘:wq’, followed by the Return key, to save and exit vi.
Configure SSH
Reconfiguring SSH is important to ensure that others, particularly bots, cannot attempt to SSH into your server as the root user.
Open the configuration file:
vi /etc/ssh/sshd_config
We shall change the default SSH port number from 22 to 64000 (or pick any value from 1025 to 65535). We shall also disable root login. Change the following values:
Port 64000
PermitRootLogin no
Add the following at the end of the file to allow only your new user to SSH in:
AllowUsers luvelle
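Before reloading sshd, it is worth checking what the edited file will actually do: sshd uses the first value it finds for most keywords, such as PermitRootLogin, while every Port line adds another listening port, so appending new lines without changing the old ones does not harden anything. The following script is an added example, not part of the original post; the function name audit_sshd_config is hypothetical, and it assumes whitespace-separated "Keyword value" lines and plain usernames in AllowUsers.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config-style file.
# usage: audit_sshd_config FILE PORT USER  (prints FAIL lines, returns 1 on any)
audit_sshd_config() {
    awk -v port="$2" -v user="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        { key = tolower($1) }                # keywords are case-insensitive
        key == "match" { exit }              # Match blocks are conditional: stop here
        key == "port" { ports[$2] = 1; n++ } # every Port line adds a listener
        key == "permitrootlogin" && prl == "" { prl = tolower($2) }  # first value wins
        key == "allowusers" { for (i = 2; i <= NF; i++) users[$i] = 1 }
        END {
            if (n == 0) ports["22"] = 1      # no Port line means the default, 22
            if (!(port in ports)) { print "FAIL: not listening on " port; bad = 1 }
            if (port != "22" && ("22" in ports)) { print "FAIL: still listening on 22"; bad = 1 }
            if (prl != "no") { print "FAIL: PermitRootLogin is " (prl == "" ? "unset" : prl); bad = 1 }
            if (!(user in users)) { print "FAIL: " user " not in AllowUsers"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed sample: new lines were appended while the old ones were left in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
Port 64000
PermitRootLogin no
AllowUsers luvelle
EOF
audit_sshd_config "$sample" 64000 luvelle || echo "Fix the file before reloading sshd."
rm -f "$sample"
```

On the server itself, sshd -t checks the real file for syntax errors and sshd -T prints the effective settings.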
Open the New SSH Port
You’ve got to make sure that your new SSH port is open before you reload your settings; otherwise, you’re just going to lock yourself out of your server. To verify that the port is open, enter this into your terminal:
ss -tulpn
Note that netstat has been deprecated in CentOS 7, so use ss instead.
If your new port is not open, open your iptables file and configure it:
vi /etc/sysconfig/iptables
Add the following rule within your file:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 64000 -j ACCEPT
Restart iptables:
service iptables restart
Finally, reload your SSH service:
service sshd reload
Open a new terminal window now, and test your new settings! If you try to log in as root on the default port, you will receive a message saying that your connection has been refused. Try this instead:
ssh -p 64000 luvelle@your-ip-address
The -p option allows you to specify the port number.
You should be connected now! To switch to root user, just enter su -, and enter your root password.