Skip to main content

Initial Server Setup on CentOS

As I came from Software Engineering background since my first employment, it's my big step to jump in DevOps area. Because at my recent employment, I trusted by the CIO to manage this area. I think all of the knowledge and practice them out, need to be well documented and I remember that I have a blog here. So this is my first time to documented all of the knowledge that I've practice before, in all of the environment (development, staging, sandbox or even production) in my recent employment.

CentOS Logo

I'm starting with the fundamental one, initial server setup with CentOS. This post scoped only in CentOS 7 and I'm using Alibaba Cloud as my cloud provider. Using other Operating System (OS) or cloud provider may need some adjustment to be matched, but I'll describe in general. If you have a trouble during follow this tutorial, don't hesitate to ask in the comment. Go!

Step 1 Add Non-Root User

Once you have created instance, you need to login with root user via web VNC and create non-root user account.
# adduser h3rucutu
Next assign a password to the new user account, repeat it again to verify it.
# passwd h3rucutu
Now we have regular user privileges, but sometimes we need to do administrative tasks. To avoid log out and login with root password, we can setup root privileges for our regular user. This allowing us from regular to run commands with administrative privileges by putting sudo before each command.
To add these privileges to our regular user, we need to add the user into wheel group.
# gpasswd -a h3rucutu wheel
Now the user we have created can run with administrative privileges.

Step 2 Login and Setup Public Key with Non-Root User

First logged in with username, ip public (e.g. 149.129.111.11) of your server and password.
% ssh h3rucutu@149.129.111.11
After you successfully connected to your server, we need to change this method, because this method is vulnerable to bruteforce, since our SSH Port is exposed to public.
You need to generate RSA Key Pair in your local machine, you can optionally specify the filename also specify passphrase to strengthen your key (you'll be asked every time you used it if you set the passphrase).
% ssh-keygen -t rsa
Once your RSA Key Pair is generated, copy the public key to the server with ssh-copy-id.
% ssh-copy-id h3rucutu@149.129.111.11
After your public key successfully copied to the server, you'll not be asked the password every time you connect to the server, try it!
But actually other person still can use username and password method. You can verify that with command below.
% ssh h3rucutu@149.129.111.11 -o PubkeyAuthentication=no
Voila, you still logged in with password method.

Step 3 Configure SSH Daemon

To secure the SSH connection, we need to only accept the public key authentication by configuring SSH Daemon on the server.
$ sudo vi /etc/ssh/sshd_config
Search PasswordAuthentication, change the value into no.
UseDNS no
AddressFamily inet
SyslogFacility AUTHPRIV
PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication no
After that we also need to configure that root user can't logged in via SSH, search PermitRootLogin change the value into no.
UseDNS no
AddressFamily inet
SyslogFacility AUTHPRIV
#PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication yes
PasswordAuthentication no
Save all the changes and restart the SSH Daemon.
$ sudo systemctl reload sshd
Disconnect and verify that the password authentication method is no longer accepted by the server.
% ssh h3rucutu@149.129.111.11 -o PubkeyAuthentication=no
h3rucutu@149.129.111.11: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Looks Good! Now you're ready to go to deeper setup on CentOS.
Later more on this blog. Stay tune!
Labels:

Comments

Post a Comment

Popular posts from this blog

Indonesian Dark Wordlist

Indonesian Dark Wordlist adalah proyek baru dari Unlisted Developer yang menghasilkan kumpulan kata (wordlist) berbasiskan pada Kamus Besar Bahasa Indonesia (KBBI) untuk berbagai keperluan, misalnya teknik bruteforce atau aircracking . Kami masih melihat proyek-proyek sebelumnya masih tidak jelas kelanjutan proyeknya dalam membuat Wordlist, maka dari itulah kami membuat proyek ini sebagai jembatan kepada teman-teman lain yang membutuhkan wordlist yang lengkap tanpa harus bersusah-susah meng- generate . Mengingat proyek ini masih dalam tahap awal, maka banyak sekali kelemahan-kelamahan yang ada, sehingga kami mengharapkan kritik dan saran yang membangun, supaya kami bisa berbenah dalam setiap tambahan waktu. Selain itu, kami juga masih membuka peluang kepada teman-teman yang ingin bergabung dalam proyek ini, silahkan menghubungi saya via email atau tinggalkan komentar pada tulisan ini. Tidak ada syarat ketentuan khusus, hanya syarat umum yaitu bisa mengoperasikan komputer (mengerti...
5 comments
Read More »

Bypassing Nokia Maps N9

Nokia N9 have maps application, both of Nokia Maps and Nokia Drive are related one to other. But the same problem with Nokia Drive on Nokia N9 also occur in Nokia Maps (see here ). Nokia Maps also need logged in Nokia Account before you can use Nokia Maps. So I think the same way with bypassing Nokia Account in Nokia Drive will be succeed too in Nokia Maps. The same step can be read on my previous post here , until preparing the configuration Nokia Drive download. Okay let's go! First, make sure you have installed Filebox and setting to show hidden files and show root filesystem. Open browser on your N9 and download Modified Nokia Maps Configuration here . Don't press clear when the download has finished, just tap Done. Go to Filebox, and navigate to /home/user/MyDocs/Downloads , you'll found Maps.conf there, copy and paste this file into /home/user/.config/Nokia . But I recommend you if there's existing Nokia Maps Configuration backup it into Maps.conf.bak the ...
24 comments
Read More »

Bypassing Nokia Drive N9

Nokia N9 contains maps application bundled by Nokia with offline maps, but to access Drive application you need to have Nokia Account and you must login in your N9. Before Nokia Account has been shutdown by Microsoft (see here ) there's no problem to using Nokia Maps on N9, but after 25th, April 2015 Nokia Account no longer can be accessed. So maybe you think that your N9 can't help you to assist when you driving or find place around the world. Nokia Account requirement Here, I'll show you to bypassing Nokia Account requirement to access Nokia Drive on N9 Harmattan. So you don't need to have Nokia Account logged on your N9 to access Nokia Drive. Below is the step by step to bypassing by modify Nokia Drive configuration on Harmattan. First, you'll need installed Filebox on your Harmattan N9 (see here  for installer and this  for installation). Open Filebox and make sure you have change settings to Show root filesystem and Show hidden files. Filebox Sett...
20 comments
Read More »