Headless Linux Installation Guide: SSH Setup Without Monitor or Keyboard


1 views

html

To perform a headless installation of Linux (specifically Fedora 8+) without a monitor or keyboard, you'll need:

  • A machine with CD/floppy drive
  • Network connectivity (wired preferred)
  • Another computer on the same network
  • Basic Linux command-line knowledge

Here's how to create a Fedora Live CD with pre-configured SSH access:


# Step 1: Download Fedora Live CD ISO
wget https://download.fedoraproject.org/pub/fedora/linux/releases/34/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-34-1.2.iso

# Step 2: Customize the ISO
mkdir fedora-custom
sudo mount -o loop Fedora-Workstation-Live-x86_64-34-1.2.iso fedora-custom
mkdir fedora-iso
cp -a fedora-custom/* fedora-iso/
sudo umount fedora-custom

# Step 3: Add SSH configuration
echo "PermitRootLogin yes" >> fedora-iso/root/overlay/etc/ssh/sshd_config
echo "root:yourpassword" | chpasswd -R fedora-iso/root/overlay/

For Fedora, you can use a kickstart file:


# Example kickstart.cfg
install
url --url=http://download.fedoraproject.org/pub/fedora/linux/releases/34/Server/x86_64/os/
lang en_US
keyboard us
network --device=eth0 --bootproto=dhcp --activate
rootpw --plaintext yourpassword
firewall --disabled
services --enabled=sshd
reboot
%packages
@core
openssh-server
%end

Once installed, connect via SSH:


ssh root@server-ip
# If using key-based auth:
ssh-copy-id root@server-ip
  • Check network connectivity with ping
  • Verify SSH port is open: nmap -p 22 server-ip
  • For Fedora 8+, ensure SELinux policies allow SSH access

For systems without CD drive but with PXE support:


# Sample PXE configuration
default linux
label linux
kernel vmlinuz
append initrd=initrd.img ks=http://your-server/kickstart.cfg

When performing a headless Linux installation without monitor or keyboard access, the primary obstacle is gaining initial control over the system. For machines with CD drive capability (like your case), we can leverage modified live media to establish early SSH access.

For Fedora 8 and later versions, here's a proven method using customized live media:


# Step 1: Prepare Customized Live ISO
1. Mount the original Fedora Live ISO:
mkdir -p /mnt/iso
mount -o loop Fedora-Live.iso /mnt/iso

2. Copy contents to working directory:
cp -a /mnt/iso /home/user/fedora-custom

3. Modify the kickstart file (or create one):
nano /home/user/fedora-custom/isolinux/ks.cfg

Example ks.cfg content for automatic SSH setup:


# Enable SSH with password authentication
services --enabled=sshd
network --activate --onboot=on --device=eth0 --bootproto=dhcp
rootpw --plaintext yourpasswordhere

For non-Fedora distributions, consider these approaches:

  1. Debian/Ubuntu: Use preseed files with auto-enable SSH option
  2. Arch Linux: Modify the archiso process to include SSH daemon
  3. Generic Solution: Use vendor-specific IPMI or iDRAC if available

Once the base system is installed, immediately secure your SSH access:


# Regenerate SSH host keys
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server

# Disable password authentication
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

# Restart SSH service
systemctl restart sshd
  • If DHCP fails, include static network configuration in your kickstart/preseed file
  • For problematic hardware, test with "nomodeset" kernel parameter
  • Always verify SSH host keys after first connection to prevent MITM attacks