{"id":2227,"date":"2019-06-27T09:16:20","date_gmt":"2019-06-27T06:16:20","guid":{"rendered":"https:\/\/upcloud.com\/global\/us\/resources\/tutorials\/install-arch-linux\/"},"modified":"2019-06-27T09:16:20","modified_gmt":"2019-06-27T06:16:20","slug":"install-arch-linux","status":"publish","type":"tutorial","link":"https:\/\/upcloud.com\/global\/resources\/tutorials\/install-arch-linux\/","title":{"rendered":"How to install Arch Linux in the cloud"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">This is a tutorial for deploying Arch Linux in UpCloud\u2019s cloud environment. The process described here results in a clean Arch installation with a working SSH connection. If you are new to Arch Linux, make sure to check out the <a href=\"https:\/\/wiki.archlinux.org\/\" target=\"_blank\" rel=\"noopener\">official wiki pages<\/a> to learn more.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The ArchWiki is one of the best Linux resources available, and it can be applied to other Linux distributions as well to some extent. Some steps described in this tutorial are directly from the ArchWiki, and links are provided for more details on the steps.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The guide assumes basic Linux understanding and a Linux environment on the client side. This is a completely manual installation, although initialization scripts are definitely a possibility to look into.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/signup.upcloud.com\/\">Test hosting on UpCloud!<\/a><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">1. Deploy the image<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Begin by login to your <a href=\"https:\/\/hub.upcloud.com\/\" target=\"_blank\" rel=\"noopener\">UpCloud account<\/a> or getting <a href=\"https:\/\/signup.upcloud.com\/\n\/\" target=\"_blank\" rel=\"noopener\">signed up<\/a> if you haven\u2019t already.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Click the <em>Deploy server<\/em> button to open a new server configuration.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Choose your preferred Location, Plan, and Storage according to your liking. In this example, we are using the following options:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Location DE-FRA1 in Germany<\/li>\n\n\n\n<li>$5 Simple plan with 1 CPU core, 1 GB memory, and 25 GB storage<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Next, select the Operating System<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Open the CDROM tab<\/li>\n\n\n\n<li>Select the latest 64-bit Arch Linux installation CD<\/li>\n\n\n\n<li>Arch is a rolling release distro, so it will be fully up to date once the installation finishes<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Optionals can be left as they are including the SSH keys as these cannot be added at this point and are going to be deployed manually later.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then, change hostname and description as you wish.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, click the <em>Deploy<\/em> button to launch the new server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. Preparations for installation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As the installation of Arch Linux consists only of working in the command line, the console connection is the place to start. The difficulty here lies in the caveats of the console connection provided. These can be circumvented with an ad-hoc SSH connection.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">First, use the console connection at your UpCloud control panel with a web browser.&nbsp;Choose your deployed server, click on the <em>Console<\/em> tab, and <em>Open the console connection<\/em>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/upcloud.com\/media\/console-connection-8.png\" alt=\"Console connection\" class=\"wp-image-5363\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The console will open to the Arch Linux installation ISO boot menu. Press the enter key to select to Boot Arch Linux.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/upcloud.com\/media\/arch-linux-boot-screen.png\" alt=\"Arch Linux boot menu\" class=\"wp-image-9549\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Once the server has fully booted up, you\u2019ll see the usual terminal prompt.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/upcloud.com\/media\/arch-linux-iso-cmd.png\" alt=\"Arch Linux ISO terminal\" class=\"wp-image-9550\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Using the web console, we are going to set up a basic SSH daemon. Enabling SSH allows us to work on the command line more easily while installing Arch using the installation CD.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To begin, lets set up&nbsp;a root password to prevent unauthorised connection with the following command. Enter the password you choose twice to confirm.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">passwd<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">New password:\nRetype new password:\npasswd: password updated successfully<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Next, start the SSH server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl start sshd<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then check that the SSH server is running.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl status sshd<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Once SSH is running, take note of your public IP address using the command below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ip addr<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The second interface and the first called <em>ens*<\/em> should have your public IPv4 address. You can also find this at your <a href=\"https:\/\/hub.upcloud.com\/\" target=\"_blank\" rel=\"noopener\">UpCloud control panel<\/a> on the <em>Servers<\/em> list.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You are now ready to log in to the cloud server with SSH from your computer.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh root@<span style=\"color: #ff0000;\">ip-address<\/span><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Accept the new host for your <tt>known_hosts<\/tt> list by answering yes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you get an error with the problem of too many authentication failures like below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Received disconnect from ip-address port 22:2: Too many authentication failures\nDisconnected from ip-address port 22<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Use the following command instead to attempt to authenticate properly.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -o IdentitiesOnly=yes root@<span style=\"color: #ff0000;\">ip-address<\/span><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Once connected, you can continue to install the new system.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Installing Arch Linux<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You should now be ready to install Arch. The process is quite simple but requires a little prior understanding of storage partitions. You can find more information about the following steps at the <a href=\"https:\/\/wiki.archlinux.org\/index.php\/Installation_guide\" target=\"_blank\" rel=\"noopener\">ArchWiki install guide<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Note that you need to be connected to the Arch server over SSH before proceeding. Make sure you are working on the cloud server and not inadvertently formatting your own system partitions!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">First, enable the Network Time Protocol services to ensure the system clock is accurate.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">timedatectl set-ntp true<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Next, you\u2019ll need to partition the storage disk.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For this example, we are going to create 3 partitions. BIOS boot partition, a root partition and a separate partition for <tt>\/home.<\/tt><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Check the virtual hard drive label with the following command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">lsblk<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">In the output, you\u2019ll see the partition like in the example below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">NAME  MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT\nloop0   7:0    0 489.5M  1 loop \/run\/archiso\/sfs\/airootfs\nsr0    11:0    1   602M  0 rom  \/run\/archiso\/bootmnt\nvda   254:0    0    25G  0 disk<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><tt>loop0<\/tt> is a <tt>squashfs<\/tt> which runs the installation ISO kernel<\/li>\n\n\n\n<li><tt>sr0<\/tt> is the ISO image mounted as a CDROM<\/li>\n\n\n\n<li><tt>vda<\/tt> is the hard disk we want to partition<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">You have the following partitioning tools available on the ISO: <tt>parted<\/tt>, <tt>fdisk<\/tt>, <tt>cfdisk<\/tt>, and <tt>gdisk<\/tt>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Feel free to choose the tool you prefer, but from these, <tt>cfdisk<\/tt> is probably the easiest to use. Run the partitioning tool to begin.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cfdisk<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Select the gpt label type.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">                               \u250c Select label type \u2500\u2500\u2500\u2510\n                               \u2502 gpt                  \u2502\n                               \u2502 dos                  \u2502\n                               \u2502 sgi                  \u2502\n                               \u2502 sun                  \u2502\n                               \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Partition the disk according to the following example partition scheme:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\/dev\/vda1 1M BIOS boot<\/li>\n\n\n\n<li>\/dev\/vda2 8G Linux root (x86-64)<\/li>\n\n\n\n<li>\/dev\/vda3 17G Linux home<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Now, create the three partitions by their size and type as outlined above.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Select <tt>New<\/tt> and press enter to create a new partition<\/li>\n\n\n\n<li>Enter <tt>1M<\/tt> as the size and press enter again<\/li>\n\n\n\n<li>Select <tt>Type<\/tt> and press enter<\/li>\n\n\n\n<li>Then find the partition type <tt>BIOS boot<\/tt> and press enter to select it<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">                                    Disk: \/dev\/vda\n                  Size: 25 GiB, 26843545600 bytes, 52428800 sectors\n             Label: gpt, identifier: DDF8E89B-550E-8840-87A9-13322F81C117\n\n    Device                 Start            End        Sectors      Size Type\n&gt;&gt;  Free space              2048       52428766       52426719       25G              \n\n              [   New  ]  [  Quit  ]  [  Help  ]  [  Write ]  [  Dump  ]\n\n                         Create new partition from free space\n<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Repeat the steps to create the other two partitions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once done, you should have three partitions as shown in the example below.&nbsp;Confirm the changes by selecting <tt>Write<\/tt> and pressing enter to save the partition table.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">                                    Disk: \/dev\/vda\n                  Size: 25 GiB, 26843545600 bytes, 52428800 sectors\n             Label: gpt, identifier: DDF8E89B-550E-8840-87A9-13322F81C117\n\n    Device                Start         End     Sectors    Size Type\n    \/dev\/vda1              2048        4095        2048      1M BIOS boot\n    \/dev\/vda2              4096    16781311    16777216      8G Linux root (x86-64)\n&gt;&gt;  \/dev\/vda3          16781312    52428766    35647455     17G Linux home            \n\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n \u2502Partition UUID: 8124F21E-A356-F44C-A67B-A61250C472D4                              \u2502\n \u2502Partition type: Linux home (933AC7E1-2EB4-4F13-B844-0E14E2AEF915)                 \u2502\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n  [ Delete ]  [ Resize ]  [  Quit  ]  [  Type  ]  [  Help  ]  [  Write ]  [  Dump  ]\n\n               Write partition table to disk (this might destroy data)\n<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">You can then quit the partitioning tool by selecting <tt>Quit<\/tt> and pressing enter.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Next, format the partitions and mount the filesystems with the commands below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mkfs.vfat \/dev\/vda1\nmkfs.ext4 \/dev\/vda2\nmkfs.ext4 \/dev\/vda3\nmount \/dev\/vda2 \/mnt\nmkdir \/mnt\/home\nmount \/dev\/vda3 \/mnt\/home\n<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">When the partitions are set and ready, select your preferred mirror servers to install Arch Linux from by editing the&nbsp;&nbsp;<tt>\/etc\/pacman.d\/mirrorlist<\/tt>&nbsp;file.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The file is a simple text file with mirror server addresses<\/li>\n\n\n\n<li>All mirrors are enabled by default, you can back up the <tt>mirrorlist<\/tt> file and choose few mirrors according to your liking in close proximity<\/li>\n\n\n\n<li>The higher a mirror is placed in the list, the more priority it is given when downloading a package. You may want to edit the file accordingly and move the geographically closest mirrors to the top of the list.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Install the base Arch Linux and the additionally needed packages.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">pacstrap \/mnt base linux grub openssh nano dhcpcd<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Once the installation has finished, continue below with configuring the system.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4. Configuring the system<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before the new server is ready to start on its own, you\u2019ll need to configure a few options.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">First, generate a filesystem table using the command below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">genfstab -U \/mnt &gt;&gt; \/mnt\/etc\/fstab<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then change into the new system using <tt>chroot<\/tt>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">arch-chroot \/mnt<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Next, set your time zone based on the region and capital city you wish, for example, using the command below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ln -sf \/usr\/share\/zoneinfo\/<span style=\"color: #ff0000;\">Europe\/Berlin<\/span> \/etc\/localtime<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">You can find the full list of time zones to select from using the following command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">timedatectl list-timezones<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Configure the system clock and generate the&nbsp;<tt>\/etc\/adjtime&nbsp;<\/tt>file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">hwclock --systohc<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Select your preferred locales by uncommenting the desired option in the&nbsp;<em>\/etc\/locale.gen<\/em> file. A quick way of doing so is using <em>sed<\/em> with the command below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sed -i 's\/#en_US.U\/en_US.U\/' \/etc\/locale.gen<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then generate the locales.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">locale-gen<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Next, create a <em>locale.conf<\/em> file with the following text.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo \"LANG=en_US.UTF-8\" &gt; \/etc\/locale.conf<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">And set your keyboard layout.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo \"KEYMAP=us\" &gt; \/etc\/vconsole.conf<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Note that we\u2019ll still need to make some quick configurations over the web console connection which works best with the US keyboard layout. You can change this later when SSH is up again by changing the&nbsp;<tt>KEYMAP<\/tt>&nbsp;variable.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Afterwards, set your system hostname as you prefer.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo \"<span style=\"color: #ff0000;\">your_hostname<\/span>\" &gt; \/etc\/hostname<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then generate a skeleton&nbsp;<tt>\/etc\/hosts<\/tt>&nbsp;file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cat &gt; \/etc\/hosts &lt;&lt; EOF\n127.0.0.1 localhost\n::1 localhost\nEOF\n<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t forget to set the root password now on the actual server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">passwd<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, install the&nbsp;GRUB boot loader to allow the server to start.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">grub-install --target=i386-pc \/dev\/vda\ngrub-mkconfig -o \/boot\/grub\/grub.cfg\n<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The system is now ready to boot.&nbsp;Exit chroot and reboot the server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">exit\nshutdown -h now<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">As we used an SSH connection, issuing a shutdown command naturally terminates the connection.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Next, to have the server boot up from the newly installed storage system you\u2019ll need to change the boot order to select storage first. Open your cloud server settings and find the Boot order under the Optionals section at your&nbsp;<a href=\"https:\/\/hub.upcloud.com\" target=\"_blank\" rel=\"noopener\">UpCloud control panel<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Set the Boot order to <tt>storage, cdrom<\/tt> and shown below and then click the <em>Save changes<\/em> button.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/upcloud.com\/media\/arch-linux-change-boot-order.png\" alt=\"Arch Linux setting boot order to storage first\" class=\"wp-image-10838\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">You can then restart the server by clicking the <em>Start<\/em> button at the top right of the same page. Once your server has booted up again, you can continue with the configuration.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Note that the new system will be inaccessible via SSH for now, as the previous daemon was running on the installation ISO. See below to get this fixed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">5. Setting up SSH connection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Next, we\u2019ll set up an SSH daemon again using the web console to be able to connect to the new machine. Go back to your <a href=\"https:\/\/hub.upcloud.com\" target=\"_blank\" rel=\"noopener\">UpCloud control panel<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now is also a good time to configure a firewall. While optional at this point, it can help you protect your new server from external threats. To do this, open the UpCloud firewall page and create the following rules for SSH connections and DNS Servers on IPv4.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Incoming, default rule: DROP<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Protocol Src addr Src port Tgt address Tgt port Action Notes\nICMP0\/IPv4 Any - Any - accept Allow echo replies in\nTCP\/IPv4 Any Any Any 22 accept SSH connection\nUDP\/IPv4 94.237.40.9 53 Any Any accept UpCloud DNS server\nUDP\/IPv4 94.237.129.9 53 Any Any accept UpCloud DNS server<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Outgoing, default rule: ACCEPT<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">TCP Any Any Any 25 drop SMTP Outbound blocked<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Open a console connection to the cloud server from your UpCloud control panel and log in to the <tt>root<\/tt> account.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once in, start and enable the DHCP client daemon.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl enable dhcpcd\nsystemctl start dhcpcd<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then confirm your system is getting an IP address with the&nbsp;<tt>ip addr&nbsp;<\/tt>command.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While connected to the console, enable root access over the SSH connection.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Make a backup copy of the <tt>sshd_config<\/tt> file. You should be able to use tab auto-completion to make this easier on the web console.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cp \/etc\/ssh\/sshd_config \/etc\/ssh\/backup.sshdconf<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Next, set the <tt>PermitRootLogin yes<\/tt> either by editing the&nbsp;<tt>\/etc\/ssh\/sshd_config<\/tt> file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nano&nbsp;\/etc\/ssh\/sshd_config<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Alternatively, if your keymapping is working well you could use the following command to accomplish the same.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sed -i '\/PermitRootLogin proh\/cPermitRootLogin yes' \/etc\/ssh\/sshd_config\n<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then finally enable and start the SSH daemon on the console.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl enable sshd\nsystemctl start sshd<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">On your local system, clear the previous entry from your <tt>known_hosts<\/tt> file. On the machine initiating SSH connection, a known_hosts entry was added on the installation process. The file resides at <tt>\/home\/<span style=\"color: #ff0000;\">user<\/span>\/.ssh\/known_hosts<\/tt>. Just remove the entry associated with your server\u2019s IP address e.g. using the command below by replacing the&nbsp;<span style=\"color: #ff0000;\">ip-address<\/span>&nbsp;with your server\u2019s public IP.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh-keygen -f \"~\/.ssh\/known_hosts\" -R \"<span style=\"color: #ff0000;\">ip-address<\/span>\"<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, connect to the cloud server using SSH.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ ssh root@<span style=\"color: #ff0000;\">ip-address<\/span><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">With the remote connection enabled, we can now further configure the server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">6. Setting up a new user and SSH authentication<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You should now be connected to your new Arch server over SSH and the basic install is complete, but we are not quite done. For improved security and convenience, you should set up a new username for yourself and configure SSH keys to it.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Start by creating a new unprivileged username using the command below. Name the account as you see fit.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">useradd -m <span style=\"color: #ff0000;\">username<\/span><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then set a password for the new user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">passwd <span style=\"color: #ff0000;\">username<\/span><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Now, SSH daemon is already running but the settings allow root to log in which can be insecure. Revert the changes made to the sshd_config file by swapping it to the default config we backed up earlier.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cp \/etc\/ssh\/backup.sshdconf \/etc\/ssh\/sshd_config<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then, restart the SSH daemon to apply the new configuration.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart sshd<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Next, generate an SSH key pair for your regular user on your own computer. You should preferably also secure the key with a password. On Linux systems, this can be achieved with the following command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ ssh-keygen<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Once you have created a new SSH key pair, copy over the public part to your Arch Linux server. By default, the public SSH key is saved to&nbsp;<tt>\/home\/<span style=\"color: #ff0000;\">username<\/span>\/.ssh\/id_rsa.pub<\/tt>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then on the cloud server, change into your new user account and create the following directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">su <span style=\"color: #ff0000;\">username<\/span>\nmkdir ~\/.ssh<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The public SSH key should be saved to file at <tt>\/home\/<span style=\"color: #ff0000;\">username<\/span>\/.ssh\/authorized_keys<\/tt>. Open a new file in a text editor, for example, by using <tt>nano<\/tt> and copy the public SSH key into this file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nano ~\/.ssh\/authorized_keys<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then save the file and exit the editor.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Next, switch back to the root user by simply exiting your new username.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">exit<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">You can then edit the <tt>\/etc\/ssh\/sshd_config<\/tt> file according to your needs.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nano&nbsp;\/etc\/ssh\/sshd_config<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Here are some examples of changes you might wish to make:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disable the <em>sftp<\/em> subsystem if not needed by commenting out the line<\/li>\n\n\n\n<li>Disable password login by setting&nbsp;<em>PasswordAuthentication no<\/em><\/li>\n\n\n\n<li>Speed up the login by setting SSH to only use IPv4 with<em>&nbsp;AddressFamily inet<\/em><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">You can find more information about the available configuration options at the <a href=\"https:\/\/wiki.archlinux.org\/index.php\/OpenSSH#Protection\" target=\"_blank\" rel=\"noopener\">ArchWiki<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After altering the configuration, restart the SSH daemon again as the <em>root<\/em> user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart sshd<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Then test logging in by opening a new terminal window on your own machine, and connecting with the username you created earlier.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ ssh <span style=\"color: #ff0000;\">user<\/span>@<span style=\"color: #ff0000;\">ip-address<\/span><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">All done!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">7. Further configuration<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Your Arch Linux server is now fully installed with a working SSH connection. However, the installation is very basic, and you probably want to install more programs. For example, there is currently no firewall configured and even the sudo package will need to be installed and configured separately.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Individual packages can be installed with the command below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">pacman -S <span style=\"color: #ff0000;\">package<\/span><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Refer to the <a href=\"https:\/\/wiki.archlinux.org\/\" target=\"_blank\" rel=\"noopener\">ArchWiki<\/a> for details on packages.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Full system upgrade is done using the following command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">pacman -Suy<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Since Arch pulls the latest packages during the system install, there is likely nothing to do for the moment, but remember to periodically check for updates or configure the server to do so automatically.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Note that while most upgrades can be installed without restarting the server, you should still perform a reboot after any updates to the kernel.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Additionally, if your server ever ends in an inoperable state, you can use the install CDROM as rescue media by changing the boot order again to <tt>cdrom, storage<\/tt> and restarting your Arch Linux server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Testing notes<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">After rebooting the system via SSH connection with <tt>reboot<\/tt> as the root user, it might take a minute until the server accepts SSH connections again. Booting itself is really fast, but the SSH daemon can take time to fully start.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If SSH fails to connect after rebooting, logging in as any user via the web browser console connection should solve the issue and allow you to connect using SSH.<\/p>\n","protected":false},"author":21,"featured_media":27512,"comment_status":"open","ping_status":"closed","template":"","community-category":[223],"class_list":["post-2227","tutorial","type-tutorial","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/tutorial\/2227","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/tutorial"}],"about":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/types\/tutorial"}],"author":[{"embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/comments?post=2227"}],"version-history":[{"count":0,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/tutorial\/2227\/revisions"}],"wp:attachment":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/media?parent=2227"}],"wp:term":[{"taxonomy":"community-category","embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/community-category?post=2227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}