Installation Options

Method          | Use case                         | Notes
Bare metal      | Dedicated laptop or desktop      | Full hardware access
Virtual machine | VirtualBox, VMware, UTM, Hyper-V | Safe sandbox for learning
Cloud image     | AWS, GCP, Azure, DigitalOcean    | Production servers; use cloud-init
WSL2            | Linux on Windows for development | Not identical to bare metal
Live USB        | Try without installing           | Persistence optional

Download ISOs from official sites only (ubuntu.com, debian.org, getfedora.org). Verify SHA256 checksums when provided.

  # Verify ISO checksum (on Linux/macOS)
  # On macOS without sha256sum, use: shasum -a 256 <file>
  sha256sum ubuntu-24.04-live-server-amd64.iso
  # Compare output to published hash on download page
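
A hash compared by eye is easy to misread, so the following added example (not part of the original page) looks the image up in a downloaded checksum list and compares the hashes in the script. It assumes a `SHA256SUMS`-style file (lines of `<hash>  <filename>`) fetched from the same official download page; the function names are illustrative.

```sh
#!/bin/sh
# Added example. verify_iso ISO SUMS_FILE
#   Returns 0 = hash matches, 1 = mismatch, 2 = file missing or no entry.
#   Assumes the image name contains no spaces (true for distro ISOs).

# Hash a file with whichever tool is installed (sha256sum, else shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

verify_iso() {
    iso=$1
    sums=$2
    if [ ! -r "$iso" ] || [ ! -r "$sums" ]; then
        echo "cannot read $iso or $sums" >&2
        return 2
    fi
    name=$(basename "$iso")
    # Lines look like "<hex>  <name>" or "<hex> *<name>" (binary-mode marker).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256_of "$iso")
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH $name: expected $expected, got $actual" >&2
        return 1
    fi
    echo "OK $name"
}

# Script usage: sh verify_iso.sh ubuntu-24.04-live-server-amd64.iso SHA256SUMS
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

A return code of 2 (no entry) usually means the checksum list belongs to a different release than the image, which is worth resolving before installing.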
  

Typical Install Steps

  1. Create bootable USB with dd, Rufus, or Etcher
  2. Boot from USB; choose language, keyboard, and timezone
  3. Partition disk — Erase disk for dedicated machines, manual layout for dual-boot
  4. Create a user account (avoid daily use as root)
  5. Install bootloader (GRUB) and reboot
  6. Remove install media when prompted

Mount     | Size (guideline)  | Purpose
/boot/efi | 512 MB–1 GB       | UEFI boot (GPT systems)
/boot     | 1 GB              | Separate if using LVM encryption
/         | 20–40 GB          | Root filesystem
/home     | remainder         | User data (survives OS reinstall)
swap      | 1–2× RAM or zswap | Hibernation / low-memory safety

For servers, a single / partition is often sufficient. Separate /var helps when logs grow unbounded.

  # After install: verify partitions
  lsblk -f
  df -h
  

First Login

  # Update system immediately (Debian/Ubuntu)
  sudo apt update && sudo apt upgrade -y

  # Fedora/RHEL family
  sudo dnf upgrade -y

  # Check disk and memory
  df -h
  free -h
  swapon --show
  

Set timezone and NTP sync:

  timedatectl
  sudo timedatectl set-timezone America/New_York
  sudo timedatectl set-ntp true
  

Post-Install Essentials

  # Common tools (Debian/Ubuntu)
  sudo apt install -y curl wget git vim htop tree unzip \
      build-essential ca-certificates gnupg lsb-release

  # Fedora/RHEL
  sudo dnf install -y curl wget git vim htop tree unzip \
      gcc make ca-certificates

  # Enable automatic security updates (Ubuntu)
  sudo apt install unattended-upgrades
  sudo dpkg-reconfigure -plow unattended-upgrades
  

Create a sane .vimrc or install your preferred editor. Set EDITOR in ~/.bashrc.

SSH Access (servers and VMs)

  # Install and enable SSH server (Debian/Ubuntu; on Fedora/RHEL the unit is named sshd)
  sudo apt install openssh-server
  sudo systemctl enable --now ssh

  # Verify listening
  ss -tlnp | grep :22

  # Find IP address
  ip -4 addr show | grep inet
  hostname -I
  

Connect from another machine:

  ssh user@<server-ip>
  ssh -v user@host    # verbose for debugging
  

Cloud-Init First Boot

Cloud images (AWS, GCP) configure users, SSH keys, and packages via cloud-init:

  # Check cloud-init status
  cloud-init status
  sudo cat /var/log/cloud-init-output.log

  # User data location
  ls /var/lib/cloud/instance/
  

Do not manually fight cloud-init on cloud VMs — use user-data scripts or Terraform instead.

Secure the Fresh Install

  # Create sudo user if you installed as root-only
  sudo adduser deploy
  sudo usermod -aG sudo deploy

  # Basic firewall (Ubuntu)
  sudo ufw allow OpenSSH
  sudo ufw enable

  # Disable root SSH login (after key auth works)
  sudo sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
  sudo systemctl reload ssh
  

Checklist before exposing to the internet:

  • Apply all updates
  • Strong passwords or SSH keys only
  • Firewall enabled with minimal open ports
  • Non-root daily account with sudo
  • Fail2ban or cloud-level brute-force protection
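
The sed edit above changes only /etc/ssh/sshd_config, and sshd keeps the first value it reads for each keyword, so a drop-in pulled in by an Include line near the top of that file can still win. The following added example (not part of the original page) checks the effective settings instead, covering the root-login and key-only items of the checklist; it reads `sshd -T` output on stdin, and the function name and sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the effective sshd settings rather than one file.
# Typical use on the server:  sudo sshd -t && sudo sshd -T | audit_sshd
# (sshd -t validates syntax; sshd -T prints lowercase "keyword value" lines.)

# audit_sshd: reads an sshd -T dump on stdin, prints one FAIL line per
# violated expectation, and returns 0 only when every expectation holds.
audit_sshd() {
    awk '
        BEGIN {
            want["permitrootlogin"]        = "no"   # no direct root login
            want["passwordauthentication"] = "no"   # SSH keys only
            want["permitemptypasswords"]   = "no"
        }
        $1 in want { seen[$1] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "FAIL %s: not reported\n", k
                    bad = 1
                } else if (seen[k] != want[k]) {
                    printf "FAIL %s=%s (want %s)\n", k, seen[k], want[k]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample dumps (not captured from a real host).
SAMPLE_BAD='port 22
permitrootlogin without-password
passwordauthentication yes
permitemptypasswords no'

SAMPLE_GOOD='port 22
permitrootlogin no
passwordauthentication no
permitemptypasswords no'

# Demonstration on the constructed input; reports two FAIL lines.
printf '%s\n' "$SAMPLE_BAD" | audit_sshd || true
```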

Best Practices

Practice                         | Reason
Use LTS for servers              | Long support window, predictable upgrades
Separate /home on desktops       | OS reinstall without losing data
Document partition layout        | Recovery and resize planning
Snapshot VM before major changes | Fast rollback

Common Mistakes

Mistake                           | Consequence
No swap on small VPS              | OOM killer terminates random processes
Single giant / without monitoring | Logs fill disk; entire system fails
Enabling SSH before firewall      | Immediate brute-force attempts
Skipping updates on first boot    | Known CVEs exploitable from day one

Troubleshooting

Boot failure after install: Boot from live USB, run fsck on partitions, verify GRUB installed to correct disk (efibootmgr -v on UEFI systems).

Cannot SSH after cloud launch: Check security group/firewall allows port 22; verify key pair matches; read cloud-init-output.log.

Wrong keyboard layout: sudo dpkg-reconfigure keyboard-configuration (Debian/Ubuntu).

Production Scenario

An ops team provisions Ubuntu 24.04 LTS on AWS with Terraform:

  1. User-data installs nginx, sets hostname, adds SSH keys for deploy user
  2. Post-boot Ansible hardens SSH, configures UFW, installs monitoring agent
  3. Golden AMI baked monthly with security patches for faster scaling
  4. Separate /var on 50 GB volume for log retention

First boot completes in under 3 minutes; the instance passes health checks before joining the load balancer.

A clean first boot sets the tone: patched system, non-root daily account, SSH ready, and firewall enforcing least-privilege network access.