Deprecated
- Updated: 2022-05-28
This guide is deprecated and no longer recommended for use.
Introduction
This guide provides essential configuration steps for cloud servers running CentOS 7. The instructions may not be applicable to other Linux distributions, so please adjust accordingly based on your server’s OS.
Setting Hostname and DNS Servers
The following commands will set the hostname to “localhost” and configure Google’s DNS servers.
echo localhost > /etc/hostname
echo nameserver 8.8.8.8 >> /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf
Configuring Yum Repositories
Many cloud providers preconfigure internal mirrors for package management, which usually works fine. However, some mirrors may be unstable, resulting in issues with yum when installing packages. In such cases, you can manually update the yum repository configuration as follows:
cd /etc/yum.repos.d/
mv CentOS-Base.repo CentOS-Base.repo.bak
wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
yum clean all && yum makecache
Switching from Firewalld to Iptables
CentOS 7 comes pre-installed with firewalld as the default firewall. If you are accustomed to iptables and prefer using it, you can switch by running the following commands:
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services -y
systemctl start iptables
systemctl enable iptables
Configuring SSH Key Authentication
To enhance security, it’s highly recommended to use SSH key-based authentication and change the default SSH port. Here’s how to do it:
1. Change the Default SSH Port
Open /etc/ssh/sshd_config and change the default SSH port (Port 22) to a custom port to avoid automated scanning attacks. After making this change, update the firewall configuration to allow the new port in /etc/sysconfig/iptables.
2. Enable SSH Key Authentication
Generate an SSH key pair on your local machine using the following command:
ssh-keygen -t rsa
Copy the public key to the server using ssh-copy-id:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server_ip
After copying the key, disable password authentication by setting PasswordAuthentication no in /etc/ssh/sshd_config and ensure PubkeyAuthentication yes is enabled.
Restart the SSH service to apply the changes:
systemctl restart sshd
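A pre-restart check for the two steps above, as an added example that is not part of the original guide: it reads an sshd_config the way sshd does (the first value of a keyword wins, and Port may be repeated), so a stale earlier line cannot silently leave password logins or port 22 enabled. The function names and the sample file are hypothetical; the defaults assumed for absent keywords are OpenSSH's (Port 22, both authentication options yes).

```shell
# Added example: check an sshd_config against the settings above before restart.

# Print every global value of keyword $2 in file $1 (lower-cased, one per line).
# Parsing stops at the first Match block: later settings apply conditionally.
sshd_values() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/\r$/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)   # accept "Key=value" as well
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == tolower(want)) print tolower(f[2])
        }' "$1"
}

# For ordinary keywords sshd uses the first value it reads; $3 is the
# OpenSSH default used when the keyword is absent.
sshd_first() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    echo "${v:-$3}"
}

# Return 0 only if the file reaches the guide's end state; print each finding.
check_sshd_hardening() {
    cfg=$1; rc=0
    ports=$(sshd_values "$cfg" Port)
    # Port may be repeated and sshd listens on all of them, so check each one.
    for p in ${ports:-22}; do
        if [ "$p" = 22 ]; then echo "FAIL: sshd still listens on port 22"; rc=1; fi
    done
    if [ "$(sshd_first "$cfg" PasswordAuthentication yes)" != no ]; then
        echo "FAIL: PasswordAuthentication is not 'no'"; rc=1
    fi
    if [ "$(sshd_first "$cfg" PubkeyAuthentication yes)" != yes ]; then
        echo "FAIL: PubkeyAuthentication is not 'yes'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $cfg matches the hardened settings"; fi
    return "$rc"
}

# Constructed sample: the appended "no" is shadowed by an earlier "yes".
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$sample"
check_sshd_hardening "$sample" || echo "fix the config before restarting sshd"
rm -f "$sample"
```

On the server, run the check against /etc/ssh/sshd_config and then `sshd -t` to validate syntax before `systemctl restart sshd`, keeping the current session open until a new key-based login on the custom port succeeds.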