I love Digital Ocean. It’s the cheapest, fastest, easiest way to get a Linux virtual server up and running. They’ve got a great interface too:
There are some great choices here, no doubt, but where’s Arch Linux? Well, DO dropped their support for Arch Linux as it was apparently too difficult to support a rolling release for them. Fair enough, I guess, but but what about those of us who want Arch anyway? Experienced Arch users aren’t exactly the type to balk at a lack of official support though. Besides, who needs support when you’ve got the Arch Wiki?
I was content to stick with my Ubuntu and CentOS droplets, until I came across this github project: digitalocean-debian-to-arch. Basically, it’s a script that will turn a Debian 7 digital ocean droplet into a super lightweight Arch droplet.
Just spin up a new Debian 7 droplet (32 or 64 bit) and once you get it up and running, ssh in (or use Digital Ocean’s console access from their Web UI) and run the following command as root:
wget https://raw.githubusercontent.com/gh2o/digitalocean-debian-to-arch/master/install7.sh && bash install7.sh
Answer yes when prompted and then just wait! In a few minutes you’ll have a fully up to date Arch Linux droplet.
Warning: Always be wary of running random commands you find on the internet. You can view their script here and see that it checks out. It worked great for me, but it’s best practice to be wary of this type of thing in general. There’s not much at stake here though, since you’re running it on a virtual machine you just created and can easily delete.
Once the script finishes and the droplet reboots, log back in and let’s get Arch set up:
A great place to start is the General Recommendations Arch wiki page. It is a must read for new users. For now though, let’s just do a few basics.
It is considered best practice not to log in as root, but to use
sudo to perform necessary system tasks. Let’s create a new user, jay, and set a password for it:
# useradd -m -G wheel -s /bin/bash jay # passwd jay
Now we need to grant our user sudo access:
# pacman -S sudo # EDITOR=nano visudo
This will open the sudoers file, which lists which users and groups have sudo access. This command will open it in
nano, but you could substitute your editor of choice or use the default
vi. Scroll down to this line and uncomment it by removing the # at the beginning of the line:
%wheel ALL=(ALL) ALL
This will let any members of the group wheel have sudo access. Hit ctrl-x and then y to save.
Now that we’ve got our user created, let’s create an authorized_keys file for our user. If you don’t know about ssh keys, then check the Arch wiki before proceeding: SSH keys. Once you have an ssh public key ready to go, then just add to your
$ su - jay $ mkdir .ssh $ nano .ssh/authorized_keys
Paste in your public key here, and save it with ctrl+x, then y. Setting the correct file permissions is our next step:
$ chmod g-w /home/jay $ chmod 700 /home/jay/.ssh $ chmod 600 /home/jay/.ssh/authorized_keys
Now it’s time to lock down ssh and make it more secure.
$ sudo nano /etc/ssh/sshd_config
Open up the sshd config file and change
Port 22 to some other number. Security through obfuscation, the default port is 22 and just by changing it to another number you can prevent a lot of automated attempts to gain access to your server. You should also set
PermitRootLogin to no,
PubkeyAuthentication to yes, and
PasswordAuthentication to no. Ctrl + x, then y to save.
I’ve only just set this up today, so I haven’t really done anything other than what’s shown here. I’m very excited to start playing with it now. I might set up Owncloud and ditch my Ubuntu droplet. Or I could set up a VPN server that I could turn off and on whenever I’m stuck with an unsafe wifi connection. With Arch, there’s not much you can’t do. Whenever I find a use for this thing, I’ll do a post on it.