Updated on 25.5.2023

How to install Arch Linux in the cloud

Arch Linux

This is a tutorial for deploying Arch Linux in UpCloud’s cloud environment. The process described here results in a clean Arch installation with a working SSH connection. If you are new to Arch Linux, make sure to check out the official wiki pages to learn more.

The ArchWiki is one of the best Linux resources available, and it can be applied to other Linux distributions as well to some extent. Some steps described in this tutorial are directly from the ArchWiki, and links are provided for more details on the steps.

The guide assumes basic Linux understanding and a Linux environment on the client side. This is a completely manual installation, although initialization scripts are definitely a possibility to look into.

1. Deploy the image

Begin by login to your UpCloud account or getting signed up if you haven’t already.

Click the Deploy server button to open a new server configuration.

Choose your preferred Location, Plan, and Storage according to your liking. In this example, we are using the following options:

  • Location DE-FRA1 in Germany
  • $5 Simple plan with 1 CPU core, 1 GB memory, and 25 GB storage

Next, select the Operating System

  • Open the CDROM tab
  • Select the latest 64-bit Arch Linux installation CD
  • Arch is a rolling release distro, so it will be fully up to date once the installation finishes

Optionals can be left as they are including the SSH keys as these cannot be added at this point and are going to be deployed manually later.

Then, change hostname and description as you wish.

Finally, click the Deploy button to launch the new server.

2. Preparations for installation

As the installation of Arch Linux consists only of working in the command line, the console connection is the place to start. The difficulty here lies in the caveats of the console connection provided. These can be circumvented with an ad-hoc SSH connection.

First, use the console connection at your UpCloud control panel with a web browser. Choose your deployed server, click on the Console tab, and Open the console connection.

Console connection

The console will open to the Arch Linux installation ISO boot menu. Press the enter key to select to Boot Arch Linux.

Arch Linux boot menu

Once the server has fully booted up, you’ll see the usual terminal prompt.

Arch Linux ISO terminal

Using the web console, we are going to set up a basic SSH daemon. Enabling SSH allows us to work on the command line more easily while installing Arch using the installation CD.

To begin, lets set up a root password to prevent unauthorised connection with the following command. Enter the password you choose twice to confirm.

passwd
New password:
Retype new password:
passwd: password updated successfully

Next, start the SSH server.

systemctl start sshd

Then check that the SSH server is running.

systemctl status sshd

Once SSH is running, take note of your public IP address using the command below.

ip addr

The second interface and the first called ens* should have your public IPv4 address. You can also find this at your UpCloud control panel on the Servers list.

You are now ready to log in to the cloud server with SSH from your computer.

ssh root@ip-address

Accept the new host for your known_hosts list by answering yes.

If you get an error with the problem of too many authentication failures like below.

Received disconnect from ip-address port 22:2: Too many authentication failures
Disconnected from ip-address port 22

Use the following command instead to attempt to authenticate properly.

ssh -o IdentitiesOnly=yes root@ip-address

Once connected, you can continue to install the new system.

3. Installing Arch Linux

You should now be ready to install Arch. The process is quite simple but requires a little prior understanding of storage partitions. You can find more information about the following steps at the ArchWiki install guide.

Note that you need to be connected to the Arch server over SSH before proceeding. Make sure you are working on the cloud server and not inadvertently formatting your own system partitions!

First, enable the Network Time Protocol services to ensure the system clock is accurate.

timedatectl set-ntp true

Next, you’ll need to partition the storage disk.

For this example, we are going to create 3 partitions. BIOS boot partition, a root partition and a separate partition for /home.

Check the virtual hard drive label with the following command.

lsblk

In the output, you’ll see the partition like in the example below.

NAME  MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
loop0   7:0    0 489.5M  1 loop /run/archiso/sfs/airootfs
sr0    11:0    1   602M  0 rom  /run/archiso/bootmnt
vda   254:0    0    25G  0 disk
  • loop0 is a squashfs which runs the installation ISO kernel
  • sr0 is the ISO image mounted as a CDROM
  • vda is the hard disk we want to partition

You have the following partitioning tools available on the ISO: parted, fdisk, cfdisk, and gdisk.

Feel free to choose the tool you prefer, but from these, cfdisk is probably the easiest to use. Run the partitioning tool to begin.

cfdisk

Select the gpt label type.

                               ┌ Select label type ───┐
                               │ gpt                  │
                               │ dos                  │
                               │ sgi                  │
                               │ sun                  │
                               └──────────────────────┘

Partition the disk according to the following example partition scheme:

  • /dev/vda1 1M BIOS boot
  • /dev/vda2 8G Linux root (x86-64)
  • /dev/vda3 17G Linux home

Now, create the three partitions by their size and type as outlined above.

  • Select New and press enter to create a new partition
  • Enter 1M as the size and press enter again
  • Select Type and press enter
  • Then find the partition type BIOS boot and press enter to select it
                                    Disk: /dev/vda
                  Size: 25 GiB, 26843545600 bytes, 52428800 sectors
             Label: gpt, identifier: DDF8E89B-550E-8840-87A9-13322F81C117

    Device                 Start            End        Sectors      Size Type
>>  Free space              2048       52428766       52426719       25G              

              [   New  ]  [  Quit  ]  [  Help  ]  [  Write ]  [  Dump  ]

                         Create new partition from free space

Repeat the steps to create the other two partitions.

Once done, you should have three partitions as shown in the example below. Confirm the changes by selecting Write and pressing enter to save the partition table.

                                    Disk: /dev/vda
                  Size: 25 GiB, 26843545600 bytes, 52428800 sectors
             Label: gpt, identifier: DDF8E89B-550E-8840-87A9-13322F81C117

    Device                Start         End     Sectors    Size Type
    /dev/vda1              2048        4095        2048      1M BIOS boot
    /dev/vda2              4096    16781311    16777216      8G Linux root (x86-64)
>>  /dev/vda3          16781312    52428766    35647455     17G Linux home            

 ┌──────────────────────────────────────────────────────────────────────────────────┐
 │Partition UUID: 8124F21E-A356-F44C-A67B-A61250C472D4                              │
 │Partition type: Linux home (933AC7E1-2EB4-4F13-B844-0E14E2AEF915)                 │
 └──────────────────────────────────────────────────────────────────────────────────┘
  [ Delete ]  [ Resize ]  [  Quit  ]  [  Type  ]  [  Help  ]  [  Write ]  [  Dump  ]

               Write partition table to disk (this might destroy data)

You can then quit the partitioning tool by selecting Quit and pressing enter.

Next, format the partitions and mount the filesystems with the commands below.

mkfs.vfat /dev/vda1
mkfs.ext4 /dev/vda2
mkfs.ext4 /dev/vda3
mount /dev/vda2 /mnt
mkdir /mnt/home
mount /dev/vda3 /mnt/home

When the partitions are set and ready, select your preferred mirror servers to install Arch Linux from by editing the  /etc/pacman.d/mirrorlist file.

  • The file is a simple text file with mirror server addresses
  • All mirrors are enabled by default, you can back up the mirrorlist file and choose few mirrors according to your liking in close proximity
  • The higher a mirror is placed in the list, the more priority it is given when downloading a package. You may want to edit the file accordingly and move the geographically closest mirrors to the top of the list.

Install the base Arch Linux and the additionally needed packages.

pacstrap /mnt base linux grub openssh nano dhcpcd

Once the installation has finished, continue below with configuring the system.

4. Configuring the system

Before the new server is ready to start on its own, you’ll need to configure a few options.

First, generate a filesystem table using the command below.

genfstab -U /mnt >> /mnt/etc/fstab

Then change into the new system using chroot.

arch-chroot /mnt

Next, set your time zone based on the region and capital city you wish, for example, using the command below.

ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime

You can find the full list of time zones to select from using the following command.

timedatectl list-timezones

Configure the system clock and generate the /etc/adjtime file.

hwclock --systohc

Select your preferred locales by uncommenting the desired option in the /etc/locale.gen file. A quick way of doing so is using sed with the command below.

sed -i 's/#en_US.U/en_US.U/' /etc/locale.gen

Then generate the locales.

locale-gen

Next, create a locale.conf file with the following text.

echo "LANG=en_US.UTF-8" > /etc/locale.conf

And set your keyboard layout.

echo "KEYMAP=us" > /etc/vconsole.conf

Note that we’ll still need to make some quick configurations over the web console connection which works best with the US keyboard layout. You can change this later when SSH is up again by changing the KEYMAP variable.

Afterwards, set your system hostname as you prefer.

echo "your_hostname" > /etc/hostname

Then generate a skeleton /etc/hosts file.

cat > /etc/hosts << EOF
127.0.0.1 localhost
::1 localhost
EOF

Don’t forget to set the root password now on the actual server.

passwd

Finally, install the GRUB boot loader to allow the server to start.

grub-install --target=i386-pc /dev/vda
grub-mkconfig -o /boot/grub/grub.cfg

The system is now ready to boot. Exit chroot and reboot the server.

exit
shutdown -h now

As we used an SSH connection, issuing a shutdown command naturally terminates the connection.

Next, to have the server boot up from the newly installed storage system you’ll need to change the boot order to select storage first. Open your cloud server settings and find the Boot order under the Optionals section at your UpCloud control panel.

Set the Boot order to storage, cdrom and shown below and then click the Save changes button.

Arch Linux setting boot order to storage first

You can then restart the server by clicking the Start button at the top right of the same page. Once your server has booted up again, you can continue with the configuration.

Note that the new system will be inaccessible via SSH for now, as the previous daemon was running on the installation ISO. See below to get this fixed.

5. Setting up SSH connection

Next, we’ll set up an SSH daemon again using the web console to be able to connect to the new machine. Go back to your UpCloud control panel.

Now is also a good time to configure a firewall. While optional at this point, it can help you protect your new server from external threats. To do this, open the UpCloud firewall page and create the following rules for SSH connections and DNS Servers on IPv4.

Incoming, default rule: DROP

Protocol Src addr Src port Tgt address Tgt port Action Notes
ICMP0/IPv4 Any - Any - accept Allow echo replies in
TCP/IPv4 Any Any Any 22 accept SSH connection
UDP/IPv4 94.237.40.9 53 Any Any accept UpCloud DNS server
UDP/IPv4 94.237.129.9 53 Any Any accept UpCloud DNS server

Outgoing, default rule: ACCEPT

TCP Any Any Any 25 drop SMTP Outbound blocked

Open a console connection to the cloud server from your UpCloud control panel and log in to the root account.

Once in, start and enable the DHCP client daemon.

systemctl enable dhcpcd
systemctl start dhcpcd

Then confirm your system is getting an IP address with the ip addr command.

While connected to the console, enable root access over the SSH connection.

Make a backup copy of the sshd_config file. You should be able to use tab auto-completion to make this easier on the web console.

cp /etc/ssh/sshd_config /etc/ssh/backup.sshdconf

Next, set the PermitRootLogin yes either by editing the /etc/ssh/sshd_config file.

nano /etc/ssh/sshd_config

Alternatively, if your keymapping is working well you could use the following command to accomplish the same.

sed -i '/PermitRootLogin proh/cPermitRootLogin yes' /etc/ssh/sshd_config

Then finally enable and start the SSH daemon on the console.

systemctl enable sshd
systemctl start sshd

On your local system, clear the previous entry from your known_hosts file. On the machine initiating SSH connection, a known_hosts entry was added on the installation process. The file resides at /home/user/.ssh/known_hosts. Just remove the entry associated with your server’s IP address e.g. using the command below by replacing the ip-address with your server’s public IP.

ssh-keygen -f "~/.ssh/known_hosts" -R "ip-address"

Finally, connect to the cloud server using SSH.

$ ssh root@ip-address

With the remote connection enabled, we can now further configure the server.

6. Setting up a new user and SSH authentication

You should now be connected to your new Arch server over SSH and the basic install is complete, but we are not quite done. For improved security and convenience, you should set up a new username for yourself and configure SSH keys to it.

Start by creating a new unprivileged username using the command below. Name the account as you see fit.

useradd -m username

Then set a password for the new user.

passwd username

Now, SSH daemon is already running but the settings allow root to log in which can be insecure. Revert the changes made to the sshd_config file by swapping it to the default config we backed up earlier.

cp /etc/ssh/backup.sshdconf /etc/ssh/sshd_config

Then, restart the SSH daemon to apply the new configuration.

systemctl restart sshd

Next, generate an SSH key pair for your regular user on your own computer. You should preferably also secure the key with a password. On Linux systems, this can be achieved with the following command.

$ ssh-keygen

Once you have created a new SSH key pair, copy over the public part to your Arch Linux server. By default, the public SSH key is saved to /home/username/.ssh/id_rsa.pub.

Then on the cloud server, change into your new user account and create the following directory.

su username
mkdir ~/.ssh

The public SSH key should be saved to file at /home/username/.ssh/authorized_keys. Open a new file in a text editor, for example, by using nano and copy the public SSH key into this file.

nano ~/.ssh/authorized_keys

Then save the file and exit the editor.

Next, switch back to the root user by simply exiting your new username.

exit

You can then edit the /etc/ssh/sshd_config file according to your needs.

nano /etc/ssh/sshd_config

Here are some examples of changes you might wish to make:

  • Disable the sftp subsystem if not needed by commenting out the line
  • Disable password login by setting PasswordAuthentication no
  • Speed up the login by setting SSH to only use IPv4 with AddressFamily inet

You can find more information about the available configuration options at the ArchWiki.

After altering the configuration, restart the SSH daemon again as the root user.

systemctl restart sshd

Then test logging in by opening a new terminal window on your own machine, and connecting with the username you created earlier.

$ ssh user@ip-address

All done!

7. Further configuration

Your Arch Linux server is now fully installed with a working SSH connection. However, the installation is very basic, and you probably want to install more programs. For example, there is currently no firewall configured and even the sudo package will need to be installed and configured separately.

Individual packages can be installed with the command below.

pacman -S package

Refer to the ArchWiki for details on packages.

Full system upgrade is done using the following command.

pacman -Suy

Since Arch pulls the latest packages during the system install, there is likely nothing to do for the moment, but remember to periodically check for updates or configure the server to do so automatically.

Note that while most upgrades can be installed without restarting the server, you should still perform a reboot after any updates to the kernel.

Additionally, if your server ever ends in an inoperable state, you can use the install CDROM as rescue media by changing the boot order again to cdrom, storage and restarting your Arch Linux server.

Testing notes

After rebooting the system via SSH connection with reboot as the root user, it might take a minute until the server accepts SSH connections again. Booting itself is really fast, but the SSH daemon can take time to fully start.

If SSH fails to connect after rebooting, logging in as any user via the web browser console connection should solve the issue and allow you to connect using SSH.

Tuomo Kuure

  1. The slow startup of SSH daemon is apparently due to low entropy on cloud machines. The systemd-random-seed.service takes quite a time until enough entropy is gathered for the random number generator.

    The virtual machines in UpCloud do support a certain kernel option to speed this process.
    cat /proc/cpuinfo | grep rdrand

    edit /etc/default/grub:
    GRUB_CMDLINE_LINUX_DEFAULT=”quiet splash random.trust_cpu=on”
    grub-mkconfig -o /boot/grub/grub.cfg

    cat /proc/cpuinfo | grep rdrand

    There was some concern for security issues about this kernel option.
    Detailed explanation can be found here:
    https://askubuntu.com/questions/1070433/will-ubuntu-enable-random-trust-cpu-in-the-kernel-and-what-would-be-the-effect
    https://wiki.debian.org/BoottimeEntropyStarvation

    The kernel option can actually be used with any linux distribution to get faster ssh access after boot.

  2. Janne Ruostemaa

    Hi there, very interesting, thanks for the comment!

  3. Tuomo Kuure [tqre]

    The current dhcpcd (8.1.1-1) package on Arch is having problems, I got max 2 days of uptime, and the daemon just failed at some point. May users are experiencing this atm.
    https://bbs.archlinux.org/viewtopic.php?id=250397

    https://wiki.archlinux.org/index.php/Systemd-networkd
    I made use of systemd-networkd to configure the network. This systemd service is meant for public interface. Make sure you know your public IP/netmask and the default outgoing route for your hosting area. The DNS servers mentioned here are UpCloud DNS servers.

    Disable and stop dhcpcd before starting systemd-networkd.
    # systemctl disable dhcpcd
    # systemctl stop dhcpcd

    To check your current numbers:
    $ ip address
    $ ip route | grep default

    systemd enable systemd-networkd
    /etc/systemd/network/cat 20-public-ipv4.network
    [Match]
    Name=<public network interface>

    [Network]
    Address=<your public ip>/<netmask>
    Gateway=<default gateway>
    DNS=94.237.127.9
    DNS=94.237.40.9

    Disable and stop dhcpcd before starting systemd-networkd.
    # systemctl disable dhcpcd
    # systemctl stop dhcpcd
    # systemctl enable systemd-networkd
    # systemctl start systemd-networkd

    Issuing a reboot command on the server with the aforementioned cpu-rdrand brings the system back up and accessible in about 10 seconds now.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top