Install Arch Linux via SSH

From ArchWiki
Jump to navigation Jump to search

This article is intended to show users how to install Arch remotely via an SSH connection. Consider this approach when the host is located remotely or you wish to use the copy/paste ability of an SSH client to do the Arch install.

On the remote (target) machine

Note: These steps require physical access to the machine. If the host is physically located elsewhere, this may need to be coordinated with another person.

Boot the target machine into a live Arch environment via the Live CD/USB image: this will log the user in as root.

At this point, setup the network on the target machine as for example suggested in Installation guide#Connect to the internet.

Secondly, setup a root password which is needed for an SSH connection, since the default Arch password for root is empty: 

# passwd

Now check that PermitRootLogin yes is present (and uncommented) in /etc/ssh/sshd_config. This setting allows root login with password authentication on the SSH server.

Finally, start the openssh daemon with sshd.service, which is included by default on the live CD.

Note: Unless required, after installation it is recommended to remove PermitRootLogin yes from /etc/ssh/sshd_config.
Tip: If the target machine is behind a NAT router, and you require external access, the SSH port (22 by default) will need to be forwarded to the target machine's LAN IP address.

On the local machine

On the local machine, connect to the target machine via SSH with the following command: 

$ ssh root@ip.address.of.target

From here one is presented with the live environment's welcome message and is able to administer the target machine as if sitting at the physical keyboard. At this point, if the intent is to simply install Arch from the live media, follow the guide at Installation guide. If the intent is to edit an existing Linux install that got broken, follow the Install from existing Linux wiki article.

Tip: Consider using GNU Screen or tmux on the target machine (both are available in the live environment), so that if you are disconnected you can reattach to your multiplexer's session.

Installation on a headless server

Note: These steps may require physical access to the headless machine. Somebody has to insert the installation medium and power up the headless server.

This section describes installation of Arch Linux on a headless server without a keyboard, mouse or display. It uses an additional drive with cloud-init NoCloud configuration to automatically configure OpenSSH authorized keys and optionally iwd connection(s).

There are two required cloud-init configuration files: meta-data and user-data.

The meta-data file can be empty: 

$ printf "" > meta-data

user-data will contain the relevant configuration: 

user-data
#cloud-config
users:
  - name: root
    ssh_authorized_keys:
      - ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      - ssh-ed25519 YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY

write_files:
- content: |
    [Security]
    PreSharedKey=aafb192ce2da24d8c7805c956136f45dd612103f086034c402ed266355297295
  path: /var/lib/iwd/spaceship.psk

Replace ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX with your public SSH key. To add multiple keys, simply repeat the statement as shown above.

write_files: can be used to create iwd network configuration files if needed. Refer to iwd#Network configuration for details about them.

Once both files are created they need to be placed on a drive with an ISO 9660 or FAT volume labeled CIDATA:

  • Use a FAT formatted drive. Copy meta-data and user-data to the drive and change the file system's LABEL to CIDATA.
  • Create a cloud-init.iso file using xorriso from libisoburn: 
    $ xorrisofs -output cloud-init.iso -volid CIDATA -joliet -rational-rock meta-data user-data
  • If the installation image is written to a disk (e.g. a USB flash drive), provided there is enough space on the drive, the partition table can be expanded to the real end of the disk and an additional partition can be added. A FAT file system with label CIDATA can then be created on it.

Alternatively, create a custom ISO using Archiso and place the cloud-init configuration files in airootfs/var/lib/cloud/seed/nocloud/. This allows using only one drive.

Once finished, deploy the ISO(s) to the headless machine using a USB flash installation medium, optical disc, PXE or any other available means. Power up the headless machine and boot into a live Arch environment from the installation medium.

Wait for a minute or so to allow the headless machine time to boot up and connect to the network. From your existing machine (with keyboard and display) SSH into the live Arch environment on the headless server and complete the installation as described in the Installation guide.

Note: To belabor the obvious, all the Wi-Fi and SSH configuration that was carried out in the boot image needs to be done again in the actual Arch Linux installation to allow WiFi SSH access to the headless machine after installation.
Retrieved from "https://wiki.archlinux.org/index.php?title=Install_Arch_Linux_via_SSH&oldid=653630"