Proxmox part 1: Installation and Setup
This post will detail how to install proxmox and perform the initial configuration. This is an abbreviated supplement to the main Proxmox install guide
- x86_64 CPU architecture (Intel and/or AMD 64 bit)
- VT-x (hardware acceleration for virtualization)
- VT-d or “directed IO”, for PCI passthrough support (optional)
- Wired ethernet for your LAN/WAN
Download Proxmox VE .iso image
Write the image to a USB drive with
dd or a tool like
Boot the USB drive installer in the target machine.
Install Proxmox VE (Graphical)
Click the Target
Options button, and change the
- If you have one drive, choose
- If you have two drives available, choose
- If you have three or more, choose
Use this ZFS size calculator to play around with various configurations.
- Select your Country, Time zone, and Keyboard layout.
- Choose a root password
- Enter your real email address, so that you receive notifications. (TODO: Requires setup of SMTP server later)
Choose the primary / management network interface (NIC)
Choose the fully qualified domain (host) name
Set a static IP address (and reserve it with your LAN DHCP server, using the MAC address).
Enter the upstream LAN gateway IP address.
Enter the upstream LAN DNS server IP address.
Finish the installation
Login to the proxmox dashboard
- Once the machine has rebooted, you will see the URL (and IP address) to access the dashboard printed on the console.
- Load the URL in your web browser, login with the username
rootand the password you chose during installation.
Setup SSH keys and secure properly
SSH is enabled by default, and you can login with the username
and the password is the password you chose during install. Because
passwords are less secure than SSH keys, that’s the next step: to
install your SSH key, and disable password authentication.
Create an SSH host entry in your workstation’s
(Change the Hostname
192.168.X.X to be the IP address of your Proxmox virtual machine.)
If you have not created an SSH identity on this workstation, you will need to
- From your workstation, run
ssh-copy-id proxmox, which will ask you to confirm the ssh key fingerprint, and for your remote password (chosen during install) to login to the Proxmox server via SSH. It will copy your SSH key to the server’s
authorized_keysfile, which will allow all future logins to be by key based authentication, instead of by password.
- SSH to the Proxmox host, run
ssh proxmox. Ensure that no password is required (except perhaps for unlocking your key file). You will now be in the root account of Proxmox, be careful!
- You need to edit the
/etc/ssh/sshd_configfile. The text editors
viare installed by default, or you can install other editors, for example
apt install emacs-nox.
- Disable password authentication - search for the line that says
PasswordAuthentication yes, which will be commented out with
#. Remove the
#to un-comment the line, and change the
/etc/ssh/sshd_configand close the editor.
- Restart ssh, run:
systemctl restart sshd
- Exit the SSH session, and test logging in and out again still works, using your SSH key.
- To test that
PasswordAuthenticationis really turned off, you can attempt to SSH again, with a bogus username, one that you know does not really exist:
$ ssh hunter1@proxmox-k3s-1
email@example.com: Permission denied (publickey).
The attempt should immediately fail and say
Permission denied (publickey), and if it
also does not ask you for a password, then you have successfully turned off
Disable Enterprise features and enable Community repository (optional)
By default, Proxmox expects that you are an enterprise, and that you have an enterprise license for Proxmox. If you do, skip this section. However, you may also use the Proxmox community version, without a license (and it is the same .iso image installer and method for both versions.) To switch between these versions, you must use different apt package repositories. If you wish to use Proxmox exclusively with the Community, non-enterprise version, follow the rest of this section.
- You will see a warning message
No valid subscription, which will nag you on each login unless you purchase an enterprise edition of Proxmox. Click
OKto freely use the community version.
- On the left-hand side of the screen, find the
Server Viewlist, click the Proxmox host in the list.
- Find the
Repositoriesscreen on the Node details screen.
- Find the
pve-enterpriserepository in the list, and click it.
- Click the
Disablebutton at the top of the list.
- You will see a message that says
No Proxmox VE repository is enabled.
Add, it will nag you about the license again, just click
No-Subscriptionin the Repository drop-down list, click
- You should now expect to to see this warning message:
The no-subscription repository is not recommended for production use.
By default the proxmox instance has an open firewall, but this can be made more
secure to only accept connections from specific sources, for example to lock
down to only being accessed from your workstation. This is particularly
important to do if you chose to use the
bridge network selection, in
virt-manager when you created the VM.
- In the
Server Viewlist, click the line that says
- On the datacenter screen, find the
- Click the
Addbutton to add firewall rules.
- There are default anti-lockout rules for port 22 and 8006, but only acessible from the same subnet. You should create your own rules for these ports so that you don’t lock yourself out.
The firewall is turned off by default. To enable the firewall, find the Firewall
Options submenu page, on the new screen double-click
at the top of the list. In the popup window, checkmark the box to enable the
firewall, then click
Firewall value should now show
You can discuss this blog on Matrix (Element): #blog-rymcg-tech:enigmacurry.com