Initial Server Setup with CentOS 8
When you create a new CentOS Serverspace Cloud server you get a configured server with working network and SSH access to it. In this tutorial, we will walk through the steps for further server setup with CentOS 8.
Server connection
Connect to your new server via SSH using the instructions from your personal account for Windows or the following command for Linux:
ssh root@server_ip
Enter the IP address of your server instead of server_ip. If you selected an SSH key for authentication, the command will look like this:
ssh root@server_ip -i path/to/ssh/key
Package upgrade
To update packages on the system, use the following command:
dnf update
After the process is complete, you can clear the cache to free up disk space.
dnf clean all
Creating new users
To use the server with other people, it's a good idea to create an individual account for each of them. To do this, use the following command (replace username with the name of new account):
useradd username
To set a password for it:
passwd username
And allow the new user to execute sudo commands:
usermod -aG wheel username
Note that this will give the user big authority to manage the system, remove and install packages, and so on.
SSH configuration
If you have selected an SSH key for authentication, you can add a password method for other users. To do this, open the SSH daemon configuration file.
nano /etc/ssh/sshd_config
Find the PasswordAuthentication line and change it to yes.
PasswordAuthentication yes
To enable SSH key authentication (if it is disabled):
PubkeyAuthentication yes
Now restart SSH service.
systemctl restart sshd
SSH key configuration
Another way to increase server security is to use SSH keys and disable the password for user authentication. To do this, each user must create a pair of public and private SSH keys on their local machine (It is a good idea to set a passphrase during key creation):
ssh-keygen
And copy them to the server.
ssh-copy-id username@server_ip
When all users have configured authentication using SSH keys, you can set no for PasswordAuthentication in the /etc/ssh/sshd_config file.
Firewall configuration
To start the firewall and enable its autorun, use the following command:
systemctl enable --now firewalld
You must add a permission rule for each service that you plan to use. For example, let's open the HTTPS port.
firewall-cmd --permanent --add-service=https
After adding the rules, reload firewalld.
firewall-cmd --reload
It's a good idea to change the standard SSH port to reduce the risk of automatic password guessing. Open the /etc/ssh/sshd_config file. Uncomment the following line and change the value to 2266 for example:
Port 2266
Save and close the file. Add this port to the firewall and remove the default one.
firewall-cmd --add-port=2266/tcp --permanent
firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --reload
Then restart the service.
systemctl restart sshd
Add the port number to connect via SSH now:
ssh root@server_ip -p 2266
Now the initial server setup with CentOS 8 is completed.