11.12.2024

Initial Server Setup with CentOS 8

When you create a new CentOS Serverspace Cloud server you get a configured server with working network and SSH access to it. In this tutorial, we will walk through the steps for further server setup with CentOS 8.

Server connection

Connect to your new server via SSH using the instructions from your personal account for Windows or the following command for Linux:

ssh root@server_ip

Enter the IP address of your server instead of server_ip. If you selected an SSH key for authentication, the command will look like this:

ssh root@server_ip -i path/to/ssh/key

Package upgrade

To update packages on the system, use the following command:

dnf update

After the process is complete, you can clear the cache to free up disk space.

dnf clean all

Creating new users

To use the server with other people, it's a good idea to create an individual account for each of them. To do this, use the following command (replace username with the name of new account):

useradd username

To set a password for it:

passwd username

And allow the new user to execute sudo commands:

usermod -aG wheel username

Note that this will give the user big authority to manage the system, remove and install packages, and so on.

SSH configuration

If you have selected an SSH key for authentication, you can add a password method for other users. To do this, open the SSH daemon configuration file.

nano /etc/ssh/sshd_config

Find the PasswordAuthentication line and change it to yes.

PasswordAuthentication yes

To enable SSH key authentication (if it is disabled):

PubkeyAuthentication yes

Now restart SSH service.

systemctl restart sshd

SSH key configuration

Another way to increase server security is to use SSH keys and disable the password for user authentication. To do this, each user must create a pair of public and private SSH keys on their local machine (It is a good idea to set a passphrase during key creation):

ssh-keygen

And copy them to the server.

ssh-copy-id username@server_ip

When all users have configured authentication using SSH keys, you can set no for PasswordAuthentication in the /etc/ssh/sshd_config file.

Firewall configuration

To start the firewall and enable its autorun, use the following command:

systemctl enable --now firewalld

You must add a permission rule for each service that you plan to use. For example, let's open the HTTPS port.

firewall-cmd --permanent --add-service=https

After adding the rules, reload firewalld.

firewall-cmd --reload

It's a good idea to change the standard SSH port to reduce the risk of automatic password guessing. Open the /etc/ssh/sshd_config file. Uncomment the following line and change the value to 2266 for example:

Port 2266

Save and close the file. Add this port to the firewall and remove the default one.

firewall-cmd --add-port=2266/tcp --permanent
firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --reload

Then restart the service.

systemctl restart sshd

Add the port number to connect via SSH now:

ssh root@server_ip -p 2266

Now the initial server setup with CentOS 8 is completed.