CentOS/Fedora/RHEL Setup - Cloud Servers

This CentOS article will take you from a 'barebones' CentOS server to a secured, up-to-date server ready for your software (or whatever you use the server for).



Log in

Windows Clients

If you are logging into your server from Windows you can use a terminal application called PuTTY. Simply do a Google search for it and you will find where to download it.

Mac / Linux Clients

Simply type in the command below from a Terminal window to log in:

# ssh root@

If this is a reinstall you may have to delete your ~/.ssh/known_hosts file. Please refer to your operating system's documentation on how to resolve this.

User administration

Now that we're logged in to the VPS, immediately change your root password:

# passwd

Add an admin user (I've used the name demo here but any name will do).

# adduser demo

You will need to specifically set the password for your new user:

# passwd demo

As you know, we never log in as the root user (this initial setup is the only time you would need to log in as root). As such, the main administration user (demo) needs to have sudo (Super User) privileges so they can, with a password, complete administrative tasks.

Sudo permissions

To do this we're going to add the main user to the 'wheel' group. Once that is done, we need to edit the 'sudoers' file, using visudo, and ensure the 'wheel' group has the correct privileges.

So firstly, add the user to the wheel group:

# usermod -a -G wheel demo

Next, run the 'visudo' command:

# visudo 

The visudo command runs a default editor and will check the configuration for any syntax errors before saving it.

We'll usually refer you to 'nano' for editing text files.  It's a pretty easy-to-use text editor with nice features like an on-screen tip telling you how to bring up a helpfile. For security reasons, however, visudo on CentOS, Fedora, and RHEL will only use 'vi'.

If you're new to Linux, or have never used the 'vi' editor before, then this part will be a little weird. While vi is a powerful editor once you've learned it, 'user friendly' is definitely not on its list of features. We'll just describe the keystrokes you'll use to make one change here, and talk a little more about vi after.

So with all that said, use the arrow keys to move the cursor down near the bottom of the file.  Look for this entry:

## Allows people in group wheel to run all commands
# %wheel  ALL=(ALL)       ALL

Now we'll uncomment that second line.  Do that by removing the "#" before "%wheel" by moving the cursor to it and typing "x".  Now the line should look like this:

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

Type ":wq" and "enter", and members of the 'wheel' group will have full sudo privileges.
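To confirm the edit took effect, the check below (an added example, not part of the original article) reports whether the wheel rule in a sudoers file is active and still asks for a password, and whether a user is listed in a group. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Sample data is constructed.

# Print how a sudoers file (argument or stdin) treats the wheel group:
#   disabled = rule still commented out
#   password = rule enabled, sudo prompts for the user password
#   nopasswd = rule enabled without a password prompt
wheel_rule_state() {
    awk '
        /^[ \t]*#/ { next }                  # comment lines, incl. "# %wheel ..."
        /^[ \t]*%wheel[ \t]/ {
            found = 1
            if ($0 ~ /NOPASSWD[ \t]*:/) nopasswd = 1
        }
        END {
            if (!found)        print "disabled"
            else if (nopasswd) print "nopasswd"
            else               print "password"
        }
    ' "$@"
}

# Succeed if user $3 is listed as a member of group $2 in group file $1
# (same colon-separated layout as /etc/group).
group_has_member() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }
    ' "$1"
}

# Constructed sample: the wheel entries as they look after the edit above.
sample_sudoers() {
    cat <<'EOF'
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
EOF
}

echo "wheel rule: $(sample_sudoers | wheel_rule_state)"
```

On the server itself, run as root: wheel_rule_state /etc/sudoers and group_has_member /etc/group wheel demo.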

A little more (optional) vi

If you want to make more changes to this file later you'll want to use more vi than just what we did above.  It can be handy to look for an introduction to vi through a web search - there are a good number of them out there.  Since vi (or vim) is installed on just about any Unix system anywhere it can be a useful editor to learn.

To get you started, some basic vi commands are:

  • Use the arrow keys to move around
  • Hit "i" to start typing inside a line
  • Hit "a" when your cursor is at the end of a line to add to it
  • Hit "escape" to get out of edit mode
  • Hit "x" to delete the character under the cursor
  • Hit "dd" to delete the line of text under the cursor
  • Type ":wq" then "enter" to save your changes and quit
  • Type ":q!" then "enter" to quit without saving any changes
  • When you just can't figure out what it's doing, hit "escape" a couple times, then type ":q!" and "enter" so you can quit and then start over fresh.

Now let's get back to setting up your server.

SSH keys

One effective way of securing SSH access to your server is to use a public/private key pair: the public key is placed on the server and the private key stays on your local computer. This makes it impossible for someone to log in using just a password; they must have the private key. For information about setting up public and private SSH keys on Linux or Mac OS X, read Configuring basic security. For Windows, read Generating RSA keys with SSH - PuTTYgen.

Yum repositories

The CentOS Server comes with a basic set of repositories that are defined in /etc/yum.repos.d.

Have a look at the enabled repositories, using that more friendly editor, nano:

# nano /etc/yum.repos.d/CentOS-Base.repo

As you scroll through the file you will see each repository has a set of definitions including which mirror to use and what GPG key to use (and actually whether to check the package signature at all).

You can, of course, add more repositories whenever you want to, but a word of caution: some of the available repositories are not officially supported and may not receive any security updates should a flaw be discovered.

Keep in mind it is a server we are building and not a desktop.
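Rather than reading each definition by eye, the signature settings described above can be listed per repository. The script below is an added example, not part of the original article; the function names and the sample repository data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; sample data is constructed.
# Print "<repo-id> <status>" for every enabled repo in the given .repo files
# (or stdin). Status: OK, UNSIGNED (gpgcheck=0), NOKEY (no gpgkey line),
# INHERIT (no gpgcheck line, so the [main] value in /etc/yum.conf applies).
audit_repo_file() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "0")     st = "UNSIGNED"
            else if (gpgcheck == "") st = "INHERIT"
            else if (gpgkey == "")   st = "NOKEY"
            else                     st = "OK"
            print id, st
        }
        /^[ \t]*[#;]/ { next }                     # comment lines
        /^[ \t]*\[/ {                              # new [section]: flush the last one
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; gpgkey = ""   # enabled defaults to 1
            next
        }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
        }
        END { report() }
    ' "$@"
}

sample_repo() {   # constructed input, modelled on a yum .repo file
    cat <<'EOF'
[base]
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
[thirdparty]
baseurl=http://repo.example.invalid/el5/
gpgcheck=0
[off]
enabled=0
gpgcheck=0
EOF
}

sample_repo | audit_repo_file
```

On the server, run audit_repo_file /etc/yum.repos.d/*.repo and review any repository that is not reported as OK before installing from it.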

Need a key install?

You may be asked to install a key for the repository. To do this, run the following command:

sudo rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5


Now we can update the package list that yum uses.

The command will also offer to install any updated packages. As with all installs, have a careful look at the list and, once happy, press 'y' to continue:

# yum update

That's really the basics done for the server.

© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
