The "regular" distro installation process with Hetzner is a pain in the ass. They have a limited number of KVM devices so you have to open a support ticket requesting one. The options are "ASAP" and by appointment. In my experience, "ASAP" has been anywhere from 10 minutes to an hour and "by appointment" starts the next day. When they attach the KVM, you get an email with a URL, username, and password. After opening the URL, you'll see which device they've given you. One is modern and can be used perfectly fine in a browser. The other I've had is archaic and can only be interacted with through a Java applet that crashed on both my Arch installation and in an Ubuntu 20.04 VM. I was unimpressed.
If you want to install a custom operating system aside from their two-click deployments, option one is to upload an ISO through the KVM. This has no progress or status indicator until the upload is finished; at which point there will be a small notification in the window that disappears after a short period of time. It's very easy to miss. Option two is providing credentials for a SAMBA server containing the image you'd like installed. Both of these options are terribly slow.
Thankfully, they have a much simpler way to set things up.
Note: if you're used to working with systems from other providers, this may not be the same process. Read carefully.
The Rescue System
Hetzner's Rescue System is the simplest way I've found to get Debian set up; as part of that system, they provide a script called installimage which automates almost everything, including software RAID.
To activate it, go to [https:robot.your-server.de The Robot], click
Server, expand the one you're setting up, click the
Rescue tab, and activate the rescue system for your architecture (likely 64-bit). ''Take note of the generated password at the bottom.'' Go to the
Reset tab, select the power button, send the signal, wait a few seconds, select the power button again, and send the signal again. When your server finishes booting, you'll be able to connect to the rescue system.
SSH into the root account and enter the generated password. ''Don't lose it. It will be needed later.'' You should now see something like this.
------------------------------------------------------------------- Welcome to the Hetzner Rescue System. This Rescue System is based on Debian 10 (buster) with a custom kernel. You can install software as in a normal system. To install a new operating system from one of our prebuilt images, run 'installimage' and follow the instructions. More information at https://docs.hetzner.com/ ------------------------------------------------------------------- Rescue System up since 2021-01-23 05:18 +01:00 Hardware data: CPU1: AMD Ryzen 7 3700X 8-Core Processor (Cores 16) Memory: 64258 MB Disk /dev/nvme0n1: 1024 GB (=> 953 GiB) Disk /dev/nvme1n1: 1024 GB (=> 953 GiB) Total capacity 1907 GiB with 2 Disks Network data: eth0 LINK: yes MAC: a8:a1:59:3b:18:4a IP: 126.96.36.199 IPv6: 2a01:4f9:3a:1f11::2/64 Intel(R) Gigabit Ethernet Network Driver root@rescue ~ #
From here, you should just be able to run
installimage. A menu will appear in your terminal asking what distro you want; for this guide, choose
Debian then go with the latest
minimal version. Read the info screen, press OK, take a look at the configuration file. If you have 2 or more disks, I recommend leaving software RAID enabled and leaving it at RAID 1.
RAID IS NOT A BACKUP! It simply ensures that, should one drive fail, the server will continue running. You should be taking your own, automated backups. When a drive fails, contact Hetzner support, have them replace it as soon as possible, then rebuild your array.
Set your hostname according to what's on the main Debian page and work out your partitions. The defaults are perfectly suitable but, if you want a different setup, this is the place to make that change.
IMAGE line is what determines the OS that will be installed. By default, it's set to what you entered at the initial screen, the minimal version of the latest Debian release.
Glance over the file once or twice more to ensure everything is satisfactory. If it is, hit
F10, and confirm the changes. All that's left is to watch everything get set up!
After it's complete, type
Enter, wait a couple minutes then SSH back in with the same password.
You may see an error about the remote host's identification having been modified. This is expected. Simply remove the offending line from
The Actual System
add user to sudo group
usermod -aG sudo user
copy ssh keys and rc file
disable password login
disable root login
remove root password
passwd -d root
review SSH logs to ensure no one brute-forced a session during setup