Minimal Fedora Server Installation Guide: Essential Packages for Headless SSH Management


2 views

When setting up a barebones Fedora server installation, we need to focus on just two fundamental components:

  • A functional Linux kernel
  • SSH server for remote administration

Starting with Fedora's netinstall image is ideal for minimal installations. During the installation process:

1. Select "Minimal Install" from the Software Selection screen
2. Under 'Additional Software', check only:
   - core
   - openssh-server
   - systemd (included by default)
   - dnf (included by default)

After installation completes, verify the essential services:

# Check running services
systemctl list-units --type=service --state=running

# Verify SSH is active
systemctl status sshd

# Check installed packages
rpm -qa | wc -l  # Should show <500 packages

For specific server roles, add only what's necessary:

# Web server example:
dnf install nginx php-fpm mariadb-server

# Database server:
dnf install postgresql-server

# Monitoring:
dnf install prometheus-node-exporter

With minimal installations, security becomes simpler:

# Configure firewall
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload

# Disable root SSH login
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
systemctl restart sshd
  • Regularly update with dnf upgrade --security
  • Monitor disk space with df -h
  • Review logs using journalctl -xe

To further minimize the installation:

# Remove documentation
dnf remove $(rpm -q --whatprovides /usr/share/doc)

# Clean cache
dnf clean all

When setting up a Fedora server for remote administration via SSH, a minimal installation reduces attack surface, improves boot times, and conserves resources. Unlike desktop setups, servers don't need GUI packages or unnecessary dependencies.

During Fedora installation (netinstall recommended), select "Minimal Install" from the software selection screen. Alternatively, use this kickstart file for automation:

# Example kickstart for minimal Fedora server
install
url --url=https://download.fedoraproject.org/pub/fedora/linux/releases/$VERSION/Server/x86_64/os/
lang en_US.UTF-8
keyboard us
network --bootproto=dhcp --device=eth0
rootpw --plaintext yourpassword
firewall --enabled --ssh
selinux --enforcing
timezone UTC
bootloader --location=mbr
clearpart --all --initlabel
autopart --type=lvm --fstype=ext4
%packages --instLangs=en_US.UTF-8
@core
openssh-server
vim-minimal
curl
wget
%end

After base installation, enable SSH and update the system:

sudo dnf update -y
sudo systemctl enable --now sshd
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

These packages form the absolute minimum for a functional server:

  • @core - Minimal Fedora package group
  • openssh-server - Remote administration
  • policycoreutils - SELinux utilities
  • dnf-yum - Package management
  • iproute - Network configuration
  • chrony - Time synchronization

Remove unnecessary packages and dependencies:

sudo dnf remove -y $(dnf repoquery --unneeded --qf "%{name}")
sudo dnf autoremove -y
sudo dnf clean all

Install only what you need. For a web server example:

sudo dnf install -y nginx php-fpm mariadb-server
sudo systemctl enable --now nginx mariadb php-fpm

Essential security measures for minimal installations:

# Disable root SSH login
sudo sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo systemctl restart sshd

# Enable automatic updates
sudo dnf install -y dnf-automatic
sudo sed -i 's/apply_updates = no/apply_updates = yes/' /etc/dnf/automatic.conf
sudo systemctl enable --now dnf-automatic.timer