The Basics

When you first begin to access your fresh new virtual private server, there are a few early steps you should take to make it more secure. Some of the first tasks can include setting up a new user, providing them with the proper privileges, and configuring SSH.
- Step 1: Root Login

Once you know your IP address and root password, login as the main user, root.

If you using linux login ssh, open terminal and add below command line:
ssh root@serverip
1
	
ssh root@serverip

The terminal show:
The authenticity of host '69.55.55.20 (69.55.55.20)' can't be established. ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0. Are you sure you want to continue connecting (yes/no)?
1
2
3
	
The authenticity of host '69.55.55.20 (69.55.55.20)' can't be established.
ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?

Choose yes and password input.
- Step 2: Chage your password

Currently your root password is the default one that was sent to you when you registered your droplet. The first thing to do is change it to one of your choice.
passwd
1
	
passwd

CentOS is very cautious about the passwords it allows. After you type your password, you may see a BAD PASSWORD notice. You can either set a more complex password or ignore the message—CentOS will not actually stop you from creating a short or simple password, although it will advise against it.
-Step 3:  Create a New User

After you have logged in and changed your password, you will not need to login again to your VPS as root. In this step we will make a new user, with a new password, and give them all of the root capabilities.

First, create your user; you can choose any name for your user. Here I’ve suggested Demo
/usr/sbin/adduser nowquestion
1
	
/usr/sbin/adduser nowquestion

Second, create a new user password:
passwd nowquestion
1
	
passwd nowquestion

- Step 4: Configure SSH (security)

Now it’s time to make the server more secure. These steps are optional. They will make the server more secure by making login more difficult.

Open the configuration file
sudo nano /etc/ssh/sshd_config
1
	
sudo nano /etc/ssh/sshd_config

Find the following sections and change the information where applicable:
Port 2411 (eg) Protocol 2 PermitRootLogin no UseDNS no
1
2
3
4
	
Port 2411 (eg)
Protocol 2
PermitRootLogin no
UseDNS no

We’ll take these one by one.

Port: Although port 22 is the default, you can change this to any number between 1025 and 65535. In this example, I am using port 2411. Make sure you make a note of the new port number. You will need it to login in the future, and this change will make it more difficult for unauthorized people to log in.

PermitRootLogin: change this from yes to no to stop future root login. You will now only login as the new user.

Add this line to the bottom of the document, replacing demo with your username:
AllowUsers demo
1
	
AllowUsers demo

Save and Exit

We will reload or restart sshd.

Successfull ^^

If you have any questions, please ask!