
5/14/2015

BasicCentOSSetupBeforeBuildingAWorkingServer


BASIC CENTOS SETUP BEFORE BUILDING A WORKING SERVER


Sawiyati | March 18th, 2013 | How To | 72 Comments


http://www.servermom.org/basiccentossetupbeforebuildingaworkingserver/414/

These are the essential things to do the first time you build a web server on CentOS 6. You could go straight to installing Apache, Nginx, Lighttpd, or any web server you want, but it is strongly recommended to first follow some basic and common practices of initial server setup. The aim is to apply some basic security protection to your server and make it really private: for instance, changing the default root login, changing the default SSH port and so on.

Following all the steps in this initial CentOS server setup is not a must but is strongly recommended. However, the decision is up to you. I assume you already have either a VPS or a dedicated server so you can follow this guide.

In this example, I use a VPS with 512Mb of RAM running CentOS 6.3 x32, located in Amsterdam and hosted by DigitalOcean.

Step 1 - Log in to your remote server via an SSH connection. You can use either Terminal (Mac / Linux) or Putty in Windows. You should log in as root. Read my previous articles:

Where To Download Putty and How To Use It
Top most used Unix commands to SSH to a Linux server

During your first login, Putty (or Terminal) will ask you to cache the server's host key in the registry and remember the server's rsa2 key fingerprint. Don't panic and simply hit Yes.

Step 2 - Change the default password for root. Sometimes a VPS or server is created with a random password generated by the provider's management software. It is good practice to change it to something easier for you to remember but hard for others to crack or guess. Use this command:

    passwd

You'll then be asked to enter your new password twice.

Make sure you use a strong combination of words and numbers, but also make sure you can easily remember it.
Step 3 - Create a new user. You will use this new user to log in to your server from now on, because you also have to disable root login (I'll tell you how in the next steps): root is a standard username hackers can easily guess. It's just like "admin" or "administrator" in Windows. Use the command below to create the new user:

    /usr/sbin/adduser newuser

*Replace newuser above with your own new username. In this example I use my name, "sawiyati".

Then issue this command to set a password for that user:

    passwd newuser

After you hit Enter on your keyboard, your server will ask you to type the password for that user.

Step 4 - Set up root privileges for that user, so once you have logged in to your server as the new user you will still be able to perform any root-only tasks. To do that simply issue this command:

    /usr/sbin/visudo

Then look for the line / section called:

    # User privilege specification
    root    ALL=(ALL)       ALL

or in a different CentOS release it may look like this:

    ## Allow root to run any commands anywhere
    root    ALL=(ALL)       ALL

Then add a line for your new user right after the root line, so it looks like this:

    ## Allow root to run any commands anywhere
    root    ALL=(ALL)       ALL
    newuser ALL=(ALL)       ALL

How to edit? If you don't have the Nano editor installed yet, visudo opens the file in vi: simply hit "a" (without quotes) to start editing. Once done adding the new line, hit the Esc key to exit editing mode. Now press Shift + ZZ to save and exit the vi editor.
Step 5 - Change the default SSH port and disable root login. This is what I meant in step 3 above. In this case you'll need to edit the sshd_config file, which is the main configuration file of the SSH service on your server. You can use either vi or Nano to edit it. In this example I use the Nano editor:

    nano /etc/ssh/sshd_config

Then find the following line:

    #Port 22

Remove the # symbol and change the 22 (the default port) to any number between 1025 and 65536. For example, port 22000:

    Port 22000

Next, also find:

    #PermitRootLogin yes

Remove the # symbol and change yes to no, so it will look like this:

    PermitRootLogin no

Next, find this line as well:

    #UseDNS yes

Remove the # symbol and change yes to no. It may look like this:

    UseDNS no

Don't close the Nano editor just yet; proceed to the next step:

Step 6 - Allow the new user to log in via SSH to your server. Simply add this line at the very bottom of that file:

    AllowUsers newuser

Of course you have to replace newuser with your own username created in step 3 above.

Once done, hit Control+O to save then Control+X to exit the Nano editor.

Step 7 - Reload the SSH service. To make sure the new configuration is used by the service, simply reload SSH with this command:

    /etc/init.d/sshd reload

It should return with the OK message.


Step 8 - Give it a try! I assume you are currently still logged in as root. Don't close that SSH session before you have tested and made sure all the settings you defined in the SSH config file really work. Now launch another Terminal window or another Putty instance, then log in using the new SSH port, new username, and of course new password.

After the changes, you'll see your new username instead of root.

Enjoy..
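Several readers in the comments below were locked out because sshd was reloaded on a port the firewall still blocked. As an added example (not part of the original article), this script applies the Step 5 and Step 6 settings to an sshd_config file and lists, in its closing comments, the order in which to validate the file, open the port and reload. The function names and the sample file are constructed for illustration; the iptables rule is the one a commenter gives below.

```sh
#!/bin/sh
# set_sshd_option FILE KEY VALUE
# Replace the first "KEY ..." or "#KEY ..." line found before any Match block;
# if there is none, add the option before the first Match block or at the end.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { pat = "^[ \t]*#?" tolower(key) "[ \t]" }
        /^[ \t]*[Mm]atch[ \t]/ {              # global options end here
            if (!done) { print key " " value; done = 1 }
            inmatch = 1
        }
        !inmatch && tolower($0) ~ pat {
            if (!done) { print key " " value; done = 1 }
            else if ($0 !~ /^[ \t]*#/) print "#" $0   # disable duplicates
            else print
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"    # cat keeps mode and owner
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# effective_value FILE KEY: first active global value, the one sshd uses
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[Mm]atch[ \t]/ { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# harden_sshd_config FILE PORT USER: apply the four settings from the article
harden_sshd_config() {
    cfg=$1 port=$2 user=$3
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    # TCP ports stop at 65535; stay above the privileged range (below 1024).
    if [ "$port" -lt 1025 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi
    cp -p "$cfg" "$cfg.bak" || return 1           # rollback copy
    set_sshd_option "$cfg" Port "$port" &&
    set_sshd_option "$cfg" PermitRootLogin no &&
    set_sshd_option "$cfg" UseDNS no &&
    set_sshd_option "$cfg" AllowUsers "$user"
}

# Constructed sample resembling a stock file, not taken from a real server.
write_sample_config() {
    cat > "$1" <<'EOF'
#Port 22
Protocol 2
#PermitRootLogin yes
#UseDNS yes
Match User backup
    X11Forwarding no
EOF
}

demo=$(mktemp) && write_sample_config "$demo" &&
    harden_sshd_config "$demo" 22000 newuser && cat "$demo"
rm -f "$demo" "$demo.bak"

# On the server, as root, with the current root session left open:
#   harden_sshd_config /etc/ssh/sshd_config 22000 newuser
#   /usr/sbin/sshd -t                                  # stop if it reports an error
#   iptables -I INPUT -p tcp --dport 22000 -j ACCEPT   # open the port first
#   service iptables save                              # keep the rule after reboot
#   /etc/init.d/sshd reload
```

Note that an existing AllowUsers line is replaced, not extended, so list every account that must keep SSH access.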

ABOUT THE AUTHOR


Sawiyati
Hi! I'm Sawiyati, a mom with passion
about blogging, programming and
everything techy. Having no offline job,
so I decided to start blogging while
learning what I love for. You can find me at Google+ here.


72 COMMENTS

saeed

Reply

June 21, 2013

hi/
Really helpful
Thanks

Tendai Afrika

March 13, 2015

Reply

Thanks be blessed, I am a newbie in CentOS, thanks for the well detailed tutorial

Siddeswara

July 3, 2013

Reply

A very well detailed tutorial. Thank you. I am trying out my hands on Linux for the first time and your tutorial was both very well illustrated and helpful.

Sawiyati

July 6, 2013

Reply

Glad to know it is helpful

Neville Scollop

July 13, 2013

Reply

It seems that the most basic thing is missing: how to actually install the OS itself, that I cannot find?? I am interested in learning how to install a CentOS LAMP from the netinstall to run headless.
A tutorial on that would be great! I love the other stuff that you have in your blog. It is the most comprehensive and well written, easy to understand blog I have ever come across. A lot of sites assume the user already knows the commands to edit and save configs, you don't make that assumption and I love it for that!

Sawiyati

July 16, 2013

Reply

Hi Neville, usually, most VPS providers have already installed the OS of your choice during setup. So it is ready-to-use. Well, some providers also provide their users with a VPS control panel where users can re-install the OS from there

Ali Douglah

May 20, 2014

Reply

Hello, in the beginning I'd like to thank you for your efforts making such a beautiful tutorial. Can you please explain how we install the OS, because some of the viewers are setting up their own home web servers at home for personal websites and don't know how to install it or set and configure their IP addresses.
Thx a lot

abu

July 20, 2013

Reply

Very nice, I have learned something new today.
Bookmarked

Cyrus

August 2, 2013

Reply

Thanks for your tut, madame, but I have problems.
Why do I get an error after doing this, when I open Putty and access my server on the new port I configured?
Network Error: Connection timed out.

Daniel

August 16, 2013

Reply

Thanks for this great and clear tutorial for a VPS beginner like
me!

Nathan

September 1, 2013

Reply

This is a great tutorial, thank-you heaps.

Virtual

October 2, 2013

Reply

You forgot to mention that they need to allow the new ssh port
through iptables.

Sawiyati

October 5, 2013

Reply

thanks

Jim

October 26, 2014

Reply

Yes, it worked great AFTER setting up iptables!
These are really great tutorials. I wish you had social media links so I could share them easier.

Foro Ovnis

October 11, 2013

Reply

Great tutorial. You should also add how to forward the new SSH port in iptables though, many people might get locked out if they forget not to close their active session or if their computer crashes while they're working on it. Thanks!

alex

Reply

November 10, 2013

Very understandable, I am just a beginner user of VPS and I could do it, thanks a lot.

Sawiyati

November 12, 2013

Reply

Glad you liked it

lpdourado

November 19, 2013

Reply

Hi!
I followed the tutorial, but when I try to test the configuration by opening another SSH connection, it shows me an error message:
Network error: Connection timed out.
On Putty, I put the IP address of the CentOS server with port 22000.
I already closed the first SSH connection where I was logged in as root, thinking that was the problem.
If you can help me with this.
Thanks.

Cory

November 28, 2013

Reply

Open your ports in iptables. See my original comment.

eugene

March 10, 2014

Reply

Yes, but if you closed the default root ssh connection, you can't run commands anymore. What have I done!? Please help me.

Sawiyati

March 11, 2014


Reply

You should follow all procedures correctly. Also do not close the current ssh session while trying to establish a new ssh session to test the new username

RimaS

Reply

November 20, 2013

About iptables, it's true, don't forget! Anyway, I am confused. If you disable the root account and use just another one with su privileges to connect with ssl, you leave the port open. If you close the ssh port as root, you can't enable ssh with su, or am I not right?

Sawiyati

November 28, 2013

Reply

Just use another port. If it is closed then open that port first, while you can leave the default port (22) open or closed, that's up to you, but you better close any unnecessary ports. Anyway, this is just a very basic security setup to avoid kiddies bruteforcing your server, not total protection but at least slow 'em down. For advanced protection you'll need an advanced security setup.


Cory

Reply

November 21, 2013

I was getting connection timeouts until I manually opened the port in iptables using the following command:

    iptables -I INPUT -p tcp --dport YOURPORTNUMBER -j ACCEPT

Hope this helps someone.

Cory

November 21, 2013

Reply

There's two dashes before dport. Correction:

    iptables -I INPUT -p tcp --dport YOURPORTNUMBER -j ACCEPT

anonimo

October 17, 2014 Reply

This should be added to the very end of the tutorial in red big capital letters, so people who are learning understand better the whole configuration process, regards and thanks.

Hilman

January 5, 2014

Reply

Sweet. Thanks dude!


Leoui

Reply

February 11, 2014

Thanks a lot, Auntie.. That really helps..

Leoui

February 11, 2014

Reply

Btw, I got this error note, Auntie..
mkdir: cannot create directory `/var/www': Permission denied

Sawiyati

February 12, 2014

Reply

you should login as root or user with root privilege

eugene

March 10, 2014

Reply

I can't $ su from the newly created user.
I fixed the issue with $ chmod 4755 /bin/su, is this OK security-wise?

RImas

March 11, 2014

Reply

It is very bad mate.

wisse

April 4, 2014

Reply

Thank you for the tutorial,
Logging in from ssh works well with the new user, there's only one problem I have right now: as soon as I try to access /usr/sbin/visudo along with some other folders with root access, I cannot access it. When trying to access the file I get this error:
visudo /etc/sudoers permission denied
I followed every step in your tutorial and I cannot figure out why it does not work. Does anyone have this same problem or does anyone know a good solution?
Thanks,
Wisse

Fernando Aguilar

April 7, 2014

Reply

Thanks for this guide.
It has been very helpful to me and I learned something very important today.

Hendra

April 16, 2014

Reply

Great tutorial. This is my first time installing Linux and all is working excellently.
Btw what is the difference between using UseDNS yes and UseDNS no in /etc/ssh/sshd_config?

Melsi

May 16, 2014

Reply

Luckily I followed the advice not to close the current connection until testing is OK. Changing the port takes more steps than editing the sshd_config, so one should be very careful with this in order not to lock himself out of the system.


predrag

Reply

June 1, 2014

I just fckdup my new CentOS install with this guide. As a new user I can't install nothing, not a sudoer, not a sh!t. How am I going to reverse these changes since I screwed up denying root to ssh????

predrag

June 1, 2014

Reply

OK, got it! ssh as new user and when in just type su - and then root's pass and you're in, destroy the damn thing whatever. Two stupid posts from me but it will help some newbie like me :/

arline's mom

June 10, 2014

Reply

Thanks for the tutorial. I was greatly helped. I am also looking for the same tutorial for Debian OS. Hopefully I also find it here.

eljefe

June 12, 2014

Reply

I followed the directions on a server I set up on a digital hosting website. After creating the user, and after altering the necessary files, when I try to log in via ssh with the new user, I get a connection refused message.
What did I do wrong? I just edited iptables and included port 22 and 22000, but still the connection is refused. I made sure ssh and iptables both reloaded, and were running, and still no connection allowed.
(Fortunately, I'm still connected via root.)
What am I doing wrong?

Sawiyati

June 12, 2014

Reply

make sure you edit /etc/ssh/sshd_config and add to allow the new user (step 6)

Hrishi

June 29, 2014

Reply

Thanks a ton! I'm very new to setting up my own server and this is really useful information

Hrishi

June 29, 2014

Reply

Just one quick question. It seems I can log in with the new user perfectly fine but the new user does not seem to have root privileges. I tried adding a new user from this new user login and for certain things it kept saying you do not have enough privileges. How do I enable root login again?

Sawiyati

June 30, 2014

Reply

you can always add sudo in every command you want. Or, you can simply type su to switch login as root user.

Bryan

July 22, 2014

Reply

Thank you so much, I get it done easily..

Bob

July 29, 2014

Reply

Thanks for all the time you have put into your work here.. As a total newbie using your tutorials I am setting up my VPS with nginx and WordPress. Has been smooth and I'm learning so much along the way. Again thanks

donjon

August 8, 2014

Reply

Are you Indonesian, sis? I'm a bit confused right now setting up my unmanaged VPS

Sam.P

August 12, 2014

Reply

Same problem as a lot of us. Don't have root privileges on my user account, but it tells me I have root privileges when doing sudo -l.
If someone can help

Ken

September 3, 2014

Reply

Tks for the nice tutorial.
I have one question. When I upload the files by SFTP, it always says: Permission denied
Please help.
Tks

Brain_Out

September 6, 2014

Reply

THANKS for this!!!
Really helpful

Hank

September 19, 2014

Reply

Excellent tutorials! Unfortunately, I set up my Digital Ocean VPS without changing my ssh port. I also installed fail2ban. Everything works.
When I now change the port number in the sshd config file and in Putty to a non-standard port, I can no longer connect with Putty.
I suspect I must do something with iptables and fail2ban as well to make this work.
Could you suggest how I could make this change?

Hanif

September 26, 2014

Reply

Hi, I followed exactly your basic CentOS setup, I even checked a new user to make sure I can log on with it, but when I want to proceed to install httpd, it said I don't have root permission. I already disabled root logon therefore I could not log in using root anymore, I can't even edit sshd_config to re-enable root login.
Appreciate your help.

maxime

September 26, 2014

Reply

Truc sudo yum install httpd or su root yum install httpd.it Williams as si you for the root password and let you install httpd.
Hope this helps

Sawiyati

September 26, 2014

Reply

There are two options:
First, you can switch from the current user to root by typing su, hit Enter, then type the password for root. Another option is to use the sudo prefix in each / every command that needs root privilege (e.g. sudo yum install httpd). I hope that helps.

maxime

September 26, 2014

Reply

Damn autocorrection on French mobile. Please remove previous comment

Vladan

October 19, 2014

Reply

Why didn't you mention that we need to change ports in iptables!!! Now I can't access my VPS!

javier

October 20, 2014

Reply

Thanks!
I followed your steps, but I got a big problem!
Now when I want to log in with Putty, this appears:
Putty Fatal Error
Network Error: Connection refused
How can I resolve it? Please help me!

Sawiyati

October 23, 2014

Reply

That is most likely because Putty uses a different port than what you defined on your VPS

Anirudh Kanabar

November 12, 2014

Reply

I followed this tutorial. You forgot to mention the iptables. So now I exited it without adding it to the iptables. I only have the IP address and password of the server. There is no online control panel for it.
Now I can't log in to it via PuTTY. Could someone help me?

harikrishna

November 21, 2014

Reply

I have one doubt. CentOS install on a normal home PC, is it possible or not? Please tell me

Kamal S. Prasad

January 17, 2015

Reply

In CentOS 7, the command to reload the SSH service is:

    service sshd restart

at least, it is on the VPS I was using.

Kamal S. Prasad

January 24, 2015

Reply

Hi,
I noticed I didn't have to open the new ports via iptables and was still able to connect. Why is that?
Kamal

David

February 16, 2015

Reply

Some vendors leave ports higher than 1024 open by default, you can learn more about your open ports using netstat -an

Jonathan

February 2, 2015

Reply

Hello, I'm a newbie in Linux, and I'm stuck at Step 1: Login to your remote server via SSH connection.
I don't have a remote server, I want to set up the server on my PC, so what should I do?

Sawiyati

February 3, 2015

Reply

you can skip that step if you just want to do this on local pc

eric

March 5, 2015

Reply

I did everything except keeping the ssh port unchanged, but Putty shows a Connection refused error. I now can't log in. Any help?

Philip

March 17, 2015

Reply

Hi,
I can't run the command:
iptables -l INPUT -m state -state NEW -m tcp -p tcp -dport
22000 -j ACCEPT
i get the error:
[root@h2191522 ~]# iptables -l INPUT -m state -state NEW -m
tcp -p tcp dport 22000 -j ACCEPT
iptables v1.4.7: option `-l requires an argument

kaushal

March 24, 2015

Reply

I've tried to replicate exactly the same steps on a fresh CentOS VPS server and the connection via the new user fails every time I try to log in from my Mac terminal. After some debugging, I found this is happening due to the change of default port to 22000. Besides the steps mentioned above, is there anything else I need to do to make sure my connections recognise port 22000? When I revert the port to 22, I can log in with my new username and password. Unfortunately not when I change the port from 22 to 22000.

Alex

March 27, 2015

Reply

It would be best to use a certificate instead of obfuscating access. Just enable login only by certificate and you are set

Caesar Louis

April 3, 2015

Reply

When I'm trying to ssh client, it's always asking for root password. Can you help me to solve this?

me2

April 27, 2015

Reply

Hi Sawiyati,
I have setup my server and able to view my site on my unit.
But, if I try to access the website thru internet, I cannot access
it though.
Thank You.

Alibaba

May 13, 2015

Reply

For some reason I can't install the nano
Reconfigure the baseurl/etc. for the repository, to point to a working upstream.
