Initial Server Setting of CentOS 7 - DigitalOcean

This is a note of the CentOS 7 server setup procedure.

I referred to Initial Server Setup with CentOS 7 (DigitalOcean).

SSH Login

$ ssh -i {YOUR_PRIVATE_KEY} root@{SERVER_IP_ADDRESS}

Basic Settings

Run the following as root.

yum update

# yum update

reboot

After yum update, reboot the server.

# reboot

SELinux Settings

Allow SSH connections on the port number set in /etc/ssh/sshd_config in SELinux.

# semanage port -a -t ssh_port_t -p tcp {SSH_PORT_NUMBER}

SSH Settings for security

# vi /etc/ssh/sshd_config

Edit the following settings: disable password authentication and change the SSH port number.

PasswordAuthentication no
# Choose a port number from 1024 to 65535
Port {SSH_PORT_NUMBER}

Restart sshd.

# systemctl restart sshd.service

Check whether the SSH port number has been changed.

# netstat -an | grep LISTEN | grep {SSH_PORT_NUMBER}

Add user

# useradd {USER_NAME}
# passwd {USER_NAME}

Allow the added user to run sudo.

# usermod -aG wheel {USER_NAME}

Switch to the new user.

# su {USER_NAME}

Add authorized_keys to the user.

$ cd
$ mkdir .ssh
$ chmod 700 .ssh
$ vi .ssh/authorized_keys # Paste your public key
$ chmod 600 .ssh/authorized_keys

Disable SSH login as root.

$ sudo vi /etc/ssh/sshd_config

Set PermitRootLogin to no.

PermitRootLogin no

Restart sshd.

$ sudo systemctl restart sshd.service
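A mistake in sshd_config can lock you out once sshd restarts, so it helps to check the three settings changed in this note before each restart. The script below is an added example, not part of the original procedure; the function names sshd_value and audit_sshd_config are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the sshd_config settings this note changes
# (Port, PasswordAuthentication, PermitRootLogin).

# Print the global value of a keyword. sshd uses the first occurrence of a
# keyword, keywords are case-insensitive, "Keyword=value" is also accepted,
# and the global section ends at the first Match line.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { sub(/=/, " "); k = tolower($1) }      # normalise "Keyword=value"
        k == "match" { exit }                   # conditional blocks start here
        k == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Return 0 only if the port is in 1024-65535 and both logins are disabled.
# A keyword that is not set explicitly is reported as a failure.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    file=$1
    rc=0
    port=$(sshd_value Port "$file")
    case $port in
        ''|*[!0-9]*) echo "FAIL Port: not set to a number"; rc=1 ;;
        *)  if [ "$port" -ge 1024 ] && [ "$port" -le 65535 ]; then
                echo "ok   Port $port"
            else
                echo "FAIL Port $port: outside 1024-65535"; rc=1
            fi ;;
    esac
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_value "$key" "$file")
        if [ "$val" = no ]; then
            echo "ok   $key no"
        else
            echo "FAIL $key: '${val:-unset}', expected no"; rc=1
        fi
    done
    return $rc
}

# Run against a file when one is given, e.g. /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

On the server, `sshd -t` additionally checks the file for syntax errors, and keeping the current SSH session open while testing a new login avoids losing access.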

Cloud Firewalls

In Cloud Firewalls, allow SSH login only on the SSH port number changed above.