User:PMay/Hetzner step by step

From ArchWiki

(Todo: put description here)

Start and log into the Hetzner Rescue System

  • log in to robot: https://robot.your-server.de/
  • activate 64bit linux rescue system
  • copy and paste the password given to you by the robot
  • restart your server
  • log in with ssh
 # ssh -l root <your_ip_or_hostname>

Disk after Debian LAMP installation

Your disk looks like this after the default debian LAMP installation:

 /dev/sda1 1gb swap
 /dev/sda2 500mb boot
 /dev/sda3 19gb root

Install the bootstrap system

  • now we use the first partition (/dev/sda1, the swap partition in the layout above) to install the bootstrap system
 # mkfs.ext4 /dev/sda1
 # mkdir /arch
 # mount /dev/sda1 /arch
 # cd /arch
 # curl -O http://ftp.halifax.rwth-aachen.de/archlinux/iso/2019.01.01/archlinux-bootstrap-2019.01.01-x86_64.tar.gz
  • check the md5 sum against the published value
 # md5sum archlinux-bootstrap-2019.01.01-x86_64.tar.gz
  • if the md5sum is ok unpack the tar archive
 # tar xvfz archlinux-bootstrap-2019.01.01-x86_64.tar.gz
  • enable a mirror by uncommenting its Server line in the mirrorlist
 # nano root.x86_64/etc/pacman.d/mirrorlist
  • chroot into the bootstrap system
 # /arch/root.x86_64/bin/arch-chroot /arch/root.x86_64/
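
The tarball above is fetched over plain HTTP and md5sum only prints a digest, so the following added example (not part of the original page) shows a stricter check before unpacking: a SHA-256 comparison that fails closed, plus a detached-signature check pinned to a signer fingerprint. The checksum list file, the .sig file next to the tarball and the fingerprint argument are assumptions; obtain them over HTTPS from a source you trust.

```shell
#!/bin/sh
# Added example: verify a downloaded bootstrap tarball before unpacking it.
# File names and the fingerprint argument are assumptions, not page values.

# check_sha256 FILE SUMS
# SUMS is a list in sha256sum format ("<hex>  <name>").
# Returns 0 on match, 1 on mismatch, 2 if FILE has no entry in SUMS
# (fail closed instead of silently skipping the check).
check_sha256() {
    file=$1
    sums=$2
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "no checksum listed for $name" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# check_signature FILE FINGERPRINT
# Verifies the detached signature FILE.sig and requires that it was made by
# the key with the given fingerprint (signing key or its primary key).
# The key must already be in the gpg keyring.
check_signature() {
    file=$1
    fpr=$2
    gpg --status-fd 1 --verify "$file.sig" "$file" 2>/dev/null |
        awk -v f="$fpr" '$2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 }
                         END { exit !ok }'
}

# verify_then_unpack FILE SUMS FINGERPRINT DESTDIR
# Unpacks only if both checks pass.
verify_then_unpack() {
    check_sha256 "$1" "$2" && check_signature "$1" "$3" &&
        tar -xzf "$1" -C "$4"
}

# Usage (placeholders, not real values):
#   verify_then_unpack archlinux-bootstrap-2019.01.01-x86_64.tar.gz \
#       sha256sums.txt <SIGNER_FINGERPRINT> /arch
```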

Basic installation

  • make file system for boot and root
 # mkfs.ext4 /dev/sda2
 # mkfs.ext4 /dev/sda3
  • mount the partitions
 # mount /dev/sda3 /mnt
 # mkdir /mnt/boot 
 # mount /dev/sda2 /mnt/boot
  • init the pacman key
 # pacman-key --init
  • open second ssh console on the rescue system and type
 # find / -name foo
  • this is to generate some entropy
  • continue with
 # pacman-key --populate archlinux
  • and then this (for some strange reason)
 # mkdir /run/shm
  • now install the system
 # pacstrap /mnt base
 # pacstrap /mnt base-devel
 # pacstrap /mnt syslinux
 # pacstrap /mnt net-tools
 # pacstrap /mnt openssh
  • create fstab
 # genfstab -p /mnt >> /mnt/etc/fstab
  • chroot again into the new system
 # arch-chroot /mnt
  • write your hostname to /etc/hostname
 # nano /etc/hostname
  • set timezone - for example:
 # ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
  • create and edit /etc/locale.conf
 # nano /etc/locale.conf
  • enter
 LANG="en_US.UTF-8"
 LC_TIME="de_DE.UTF-8"
  • edit /etc/locale.gen
 # nano /etc/locale.gen
  • and remove the comment markers in front of en_US.UTF-8 and de_DE.UTF-8
  • run locale-gen
 # locale-gen
  • run mkinitcpio (and ignore the two warnings in the fallback section)
 # mkinitcpio -p linux
  • install syslinux
 # syslinux-install_update -i -a -m

Set Passwords and add User

  • set password for root
 # passwd
  • add your normal user
 # useradd -m -g users -G wheel -s /bin/bash <your_username>
  • set password for the user
 # passwd <your_username>

Set DNS

  • add DNS names in /etc/resolv.conf
 # nano /etc/resolv.conf

Configure Network

  • create directory
 # mkdir /etc/conf.d
  • create and edit
 # nano /etc/conf.d/network@ens3
  • my example config:
 address=88.198.159.103
 netmask=24
 broadcast=88.198.159.111
 gateway=88.198.159.97
  • create and edit
 # nano /etc/systemd/system/network@.service
  • config example:
 [Unit]
 Description=Network connectivity (%i)
 Wants=network.target
 Before=network.target
 BindsTo=sys-subsystem-net-devices-%i.device
 After=sys-subsystem-net-devices-%i.device
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=/etc/conf.d/network@%i
 ExecStart=/usr/bin/ip link set dev %i up
 ExecStart=/usr/bin/ip addr add ${address}/${netmask} broadcast ${broadcast} dev %i
 ExecStart=/usr/bin/sh -c 'test -n ${gateway} && /usr/bin/ip route add default via ${gateway}'
 ExecStop=/usr/bin/ip addr flush dev %i
 ExecStop=/usr/bin/ip link set dev %i down
 [Install]
 WantedBy=multi-user.target
  • enable the service
 # systemctl enable network@ens3.service

Configure SSH

  • enable sshd
 # systemctl enable sshd.service

Reboot

  • log out of the chroots and reboot
 # exit
 # umount /mnt/boot
 # umount /mnt
 # exit
 # reboot
  • ... and now pray

Activate Swap

  • use fdisk to change partition ID of /dev/sda1 to 82
 # fdisk /dev/sda
  • create swap and activate it
 # mkswap /dev/sda1
 # swapon /dev/sda1
  • edit fstab
 # nano /etc/fstab
  • and add this at bottom
 /dev/sda1           	none      	swap      	defaults  	0 0

Next Steps

  • check if /etc/resolv.conf still has the right values - they might get lost
  • secure ssh - see:
  • configure firewall