Difference between revisions of "Debian/Hetzner"
m (add step)
m (add category)
|Line 1:||Line 1:|
Latest revision as of 21:22, 16 September 2021
The "regular" distro installation process with Hetzner is a pain in the ass. They have a limited number of KVM devices so you have to open a support ticket requesting one. The options are "ASAP" and by appointment. In my experience, "ASAP" has been anywhere from 10 minutes to an hour and "by appointment" starts the next day. When they attach the KVM, you get an email with a URL, username, and password. After opening the URL, you'll see which device they've given you. One is modern and can be used perfectly fine in a browser. The other I've had is archaic and can only be interacted with through a Java applet that crashed on both my Arch installation and in an Ubuntu 20.04 VM. I was unimpressed.
If you want to install a custom operating system aside from their two-click deployments, option one is to upload an ISO through the KVM. This has no progress or status indicator until the upload is finished; at which point there will be a small notification in the window that disappears after a short period of time. It's very easy to miss. Option two is providing credentials for a SAMBA server containing the image you'd like installed. Both of these options are terribly slow.
Thankfully, they have a much simpler way to set things up.
The Rescue System
Hetzner's Rescue System is the simplest way I've found to get Debian set up; as part of that system, they provide a script called
installimage which automates almost everything, including software RAID.
To activate it, go to The Robot, click
Server, expand the one you're setting up, click the
Rescue tab, and activate the rescue system for your architecture (likely 64-bit). Take note of the generated password at the bottom. Go to the
Reset tab, select the power button, send the signal, wait a few seconds, select the power button again, and send the signal again. When your server finishes booting, you'll be able to connect to the rescue system.
SSH into the root account and enter the generated password. Don't lose it. It will be needed later. You should now see something like this.
------------------------------------------------------------------- Welcome to the Hetzner Rescue System. This Rescue System is based on Debian 10 (buster) with a custom kernel. You can install software as in a normal system. To install a new operating system from one of our prebuilt images, run 'installimage' and follow the instructions. More information at https://docs.hetzner.com/ ------------------------------------------------------------------- Rescue System up since 2021-01-23 05:18 +01:00 Hardware data: CPU1: AMD Ryzen 7 3700X 8-Core Processor (Cores 16) Memory: 64258 MB Disk /dev/nvme0n1: 1024 GB (=> 953 GiB) Disk /dev/nvme1n1: 1024 GB (=> 953 GiB) Total capacity 1907 GiB with 2 Disks Network data: eth0 LINK: yes MAC: a8:a1:59:3b:18:4a IP: 220.127.116.11 IPv6: 2a01:4f9:3a:1f11::2/64 Intel(R) Gigabit Ethernet Network Driver root@rescue ~ #
From here, you should just be able to run
installimage. A menu will appear in your terminal asking what distro you want; for this guide, choose
Debian then go with the latest
minimal version. Read the info screen, press OK, take a look at the configuration file. If you have 2 or more disks, I recommend leaving software RAID enabled and leaving it at RAID 1.
Set your hostname according to what's on the main Debian page and work out your partitions. The defaults are perfectly suitable but, if you want a different setup, this is the place to make that change.
IMAGE line is what determines the OS that will be installed. By default, it's set to what you entered at the initial screen, the minimal version of the latest Debian release.
Glance over the file once or twice more to ensure everything is satisfactory. If it is, hit F2, press Enter, hit F10, and confirm the changes. All that's left is to watch everything get set up!
After it's complete, type
reboot, press Enter, wait a couple minutes then SSH back in with the same password.
The Actual System
- install sudo
- add users
- adduser user
- add user to sudo group
- usermod -aG sudo user
- copy ssh keys and rc file
- disable xforwarding
- disable password login
- disable root login
- restart sshd
- remove root password
- passwd -d root
- review SSH logs to ensure no one brute-forced a session during setup