How To Secure Your CentOS Server With ‘sudo’ Access?

Anthony Remya

New Member
This tutorial will demonstrate how to enable the ‘sudo’ user on a CentOS server.

STEP-1: Login to the server as ‘root’ and install ‘sudo’

First, you need to login to your CentOS server console as the ‘root’ user and install ‘sudo’ by entering the below ‘yum’ command.

yum install sudo

STEP-2: Add a new user:

Execute the command given below to add a new user account. Note that ‘yoursudoname’ is the name of the user and not a command/syntax.

adduser yoursudoname

STEP-3: Create a password

Specify a password for the user ‘yoursudoname’ using the following command

passwd yoursudoname

Once the above command is executed, it would prompt you to provide the password. Type a password and repeat the same when asked for the second time.

STEP-4: Open /etc/sudoers file

The sudo file resides in the /etc directory. Open the file with the ‘visudo’ command. NOTE – CentOS opens the file with the ‘vi’ text editor, while Ubuntu uses the ‘nano’ text editor.

STEP-5: Add ‘sudo’ rights to the user

The previous step would have opened the /etc/sudoers file. This file contains the configuration information about the ‘sudo user’. To provide the user ‘sudo’ access rights, find the below mentioned line item

root ALL=(ALL) ALL

And append a second line right below that. It should look like –

root ALL=(ALL) ALL
yoursudoname ALL=(ALL) ALL

Here we have instructed the server to allow the user ‘yoursudoname’ to execute any command as any user, including the ‘root’ user. With this, the newly created ‘sudo’ user is all set to perform its tasks.

STEP-6: Add SSH Key to .ssh/authorized_keys file

Now log out of the ‘root’ account and transfer the SSH key for this particular user with the command given below.

ssh-copy-id -i ~/.ssh/id_rsa.pub
yoursudoname@198.51.100.100
NOTE: 198.51.100.100 is the IP address of the server that we are using. Make sure you change it to refer to your CentOS server.

STEP-7: Login As ‘sudo’ & disable ‘root’

Access your server using the ‘sudo’ user and disable ‘the ‘root’ login. We will be using the ‘-l’ commands to lock the root account.

sudo passwd -l root
STEP-8: Remove Root’s SSH Key

Last step is to remove the ‘root’ users SSH authorized_key. Execute the below command to achieve the same.

rm -rf /root/.ssh

That’s all you need to do to enable ‘sudo’ on a CentOS server. By following the 7 steps mentioned above, you have definitely made your CentOS server more secure. From this point on, you would only need your SSH key to log in to the server system. Kindly note that the commands that require root access should be prefixed with ‘sudo’ and you will be asked for your ‘sudo’ user password to execute them.

If you are using Ubuntu instead of CentOS, then it's a little different. Ubuntu Users can refer to this tutorial - http://www.cloudhostingreviewed.net/how-to-enable-sudo-access-on-ubuntu-server/

Hope it helps.

Regards,
Remya
 

Kyler

New Member
Thank you Remya. That is really appreciated. I never heard of this method nor knew of it until I came across this thread and that's actually a really good concept, considering how secure it could be after that.
 
Top