Register Linode VPS and get free $20 credits. You’ll have to top up your visa debit with at least $1 and your account will be manually reviewed, too. It took around 30 minutes, so it’s a good opportunity to set up our SSH keys till before create CentOs 7 on Linode.
Add SSH Keypair
In layman’s terms, key-based authentication is a bunch of stuff that allows you to log in more securely, and without a password, even. You store your public key on the servers you want to authenticate to, while you store your private key on your local computer. If it was an iris scanner, the public key is like a scan of your eyes in the door lock system, while the private key corresponds to your actual eyeball. And just like your eyeballs, you should keep your private key safe as well. Your public and private keys make up a keypair.
SSH stands for secure shell, and it is a way to manage servers remotely.
To generate a keypair, install PuTTY first, then open PuTTYgen and generate an RSA keypair with 8192 bits. Make sure to specify a passphrase as well. Relax, you only need to enter this passphrase when you reboot Windows, but more on that later. Key comment can also be useful if, for whatever reason, you’ll have multiple keys later on.
Grab a pendrive and save 4 files there:
- Click Save public key and save it as
- Copy all the contents of Public key for pasting into OpenSSH authorized_keys file and save it as
- Save private key and save it as
- Conversions / Export OpenSSH key and save it as
This might sound confusing now, why 4 files? That’s still just 2 keys (a public and private one), just in different formats, so don’t worry.
It is a good idea to have a secondary pendrive and make a copy of these there. Then lock it up somewhere in case your pendrive is lost or something. Otherwise you may have trouble logging in later.
Now start the Pageant utility, which caches your private key as long as it’s running, so that you don’t have to unlock it every time you log into SSH. Right click on its tray icon and click Add Key. Enter your passphrase, and that’s it, your private key is cached. You can verify it via View Keys:
Now you’re ready to create CentOS 7 server on linode.
How to create CentOS 7 on Linode
Create CentOs 7 System
Once your account’s ready, head over to their management portal and create a new linode (that’s what they call virtual machines, or VMs for short):
Things to pay attention to:
- Select CentOS 7 as the distribution.
- Select the region closest to you and/or your audience.
- Select a plan that suits your need.
- Make sure you use a strong (24+ characters) generated password, but don’t use special characters like !@# coz Linode doesn’t seem to handle that well. Don’t worry about its lenght, you’ll only use this password for a short initial setup and for emergency coz we’ll set up key-based authentication.
Once the node is ready, some fine-tuning first. Linode nodes have a customized kernel by default. Let’s switch back to the stock kernel. Open your node’s dashboard and navigate to Settings / Advanced. Open the default disk profile and under Boot Settings select GRUB2. Also uncheck the option Enable network helper because it will mess up the SELinux context of your network config files. Now click Save.
Enter the IP address of your node in the Host Name field, then click Open.
Then PuTTY will warn you that the host key is not present in the local cache.
That’s fine, this is the first time you log in, so click Yes. Now log in as root and enter your password, too (you can paste with right click or Shift+Insert – it won’t be visible as asterisks, but it’ll be pasted anyway). If everything went well, you’ll be presented with a root terminal prompt:
Updates & packages
Now some maintenance. Let’s upgrade all packages and install some new ones:
It’s a good idea to change the SSH port from the default 22 to a random one under 1024 to get rid of at least some of the script kiddies. Why under 1024? Because ports under 1024 require root privileges to run, so you prevent random users from running rogue SSH server instances (thanks, billings and Bahhumbug!). In this example I’ll go with 922. Allow it both in SELinux and firewalld:
semanage port -a -t ssh_port_t -p tcp 922
firewall-cmd –new-service sshsec –permanent
firewall-cmd –permanent –service=sshsec –add-port=922/tcp
firewall-cmd –add-service sshsec –permanent
Now tell the SSH server (or daemon) about this new port as well. While we’re at it, disable direct root logins and logins with password:
sed -i.orig ‘s/#Port 22/Port 922/’ /etc/ssh/sshd_config
sed -i ‘s/#PermitRootLogin yes/PermitRootLogin no/’ /etc/ssh/sshd_config
sed -i ‘s/PasswordAuthentication yes/PasswordAuthentication no/’ /etc/ssh/sshd_config
sed -i ‘s/GSSAPIAuthentication yes/GSSAPIAuthentication no/’ /etc/ssh/sshd_config
Now restart the SSH daemon:
systemctl restart sshd.service
Verify that you can log in via port 922. If all is good, you can remove the default SSH port. Check the services that are currently allowed through the firewall:
And that’s basically it. You have your CentOS Virtual Machine.
Next guide: how to Install script VPSSIM on CentOs VM