Introduction
The first time I distractedly tried Ubuntu in 2012, I thought it had a terrible user experience and stopped using it after a few minutes. My impression of Raspbian in 2015 was just slightly better, and typing commands in the terminal still felt super clunky.
However, when I went back to Raspbian in 2019, I saw for the first time the colorful syntax highlighting in the nano
text editor, and understood that there are plenty of changes that can make using the terminal much more enjoyable.
After using Arch Linux extensively as my daily laptop and server OS, I want to share the little customization that I apply to every fresh installation to improve my user experience.
I run these commands as the “root” user unless otherwise specified.
Prerequisites
An existing Linux installation.
Apart from the Packages section, these changes can be applied to other Linux distributions like Ubuntu and Raspberry Pi OS (remember to replace pacman
and yay
with apt
).
To run commands, we need a terminal interface. This can be an SSH client (when the Linux device is remote), a desktop app like Konsole, or a Linux TTY.
To edit configuration files, we need a text editor like micro
or nano
, that can be installed by running:
From micro
, you can press Alt + g
to show the main keybindings.
System
Set the keyboard layout
I use an Italian keyboard, so I need Linux to map keys correctly:
Set the hostname
Fantasy is the limit!
Since Arch Linux in WSL is not using systemd
, I manually edit the hostname file:
Set the time zone
I first set the right timezone, and then I sync the time via the Internet:
If a device has a hardware clock, I also run:
Set the locale and language
I first open the file containing the locale settings to be generated:
Then I add at the beginning the languages I need:
Then I generate locale settings through this command:
Now that they are generated, I can use them:
For further configurations, I can set additional variables like “LC_TIME” in /etc/locale.conf
:
Add a swap file
If a device has only few GBs of RAM, I create a swap file to avoid out-of-memory issues:
Then, I enable the swap file and check that it is available:
Finally, I append a new line to the file system tab:
Add hosts aliases
I often reference other devices with their hostnames rather than their IP addresses:
Now I can run ssh MyServer
or ping cf
instead of entering IP addresses by hand.
Install a firewall
In the case of a server, a firewall is another security layer that sits between applications and external clients. I install nftables also on my laptop, to prevent accidentaly exposing services to other devices in a public network.
By default, only ping
and ssh
on port 22 will work out-of-the-box, so new rules must be added to expose services to external clients.
Users
Change the root password
It’s as easy as running:
This will change the password hash stored in /etc/shadow
Change the default user name
Arch Linux for ARM devices comes with a default “alarm” user and group with ID 1000, which I rename to “jack”:
Create a new user
Arch Linux for x86_64 devices doesn’t have any user other than “root”, so I create “jack” from scratch:
The “wheel” group above grants additional privileges, e.g. running sudo
.
Grant elevated privileges to normal users
If I need to make system-wide changes, there are two main options:
- log in as the root user and run commands normally
- log in as an unprivileged user, and prepend commands with
sudo
By default, only users in the group wheel
will be allowed to run sudo
.
I first install sudo
and modify its configuration:
I append this at the end:
These settings will require re-entering the user password just once every 30 minutes from the last time sudo
was run.
Packages
Improvements to Pacman
To enable parallel downloads, show colored output and progress bar in pacman
, I edit its configuration by running:
Improvements to Makepkg
When compiling packages from scratch, I store source files in /tmp/makepkg/
and use parallel compilation whenever possible:
Install Yay
I use yay
to install any package from the AUR and from the official repositories.
yay
is not available in the official Arch Linux repositories, I guess to highlight that AUR packages are community-maintained, meaning that anyone can upload malware there.For this reason, before installing a new AUR package, I suggest to check
To install AUR packages like yay
, I first need some utilities:
As an unprivileged user (e.g. jack), I then run:
From now on, I run yay
as jack instead of pacman
as root:
Clean package cache automatically
This periodic timer will clean pacman
cache once every week:
To also delete yay
cache, I run
Shell
Install ZSH
Instead of bash
, I use ZSH and some plugins:
I configure my ZSH by creating $HOME/.zshrc
as my jack user:
Then, I write inside:
I try the new shell to see if it works as expected:
Once everything works fine, I change the default shell for my jack user:
Custom commands
Sometimes I create short aliases and functions for commands I run often, or for which I don’t want to type all the flags every time.
I store them in a separate file, that I reference in my .zshrc
file:
Then I add my ZSH aliases and functions here:
For instance:
Third-party ZSH plugins
I use antidote to manage my ZSH plugins. First, I install it from the AUR:
On my ZSH configuration file, I add a new section:
I add my ZSH plugins to $HOME/.zsh_antidote.txt
:
The next time I launch a shell window, antidote
will download and activate these plugins.
Different prompt colors for root
I like to use a red interface when running commands as the root user.
As the root user, I copy my ZSH configuration file into root’s home directory:
And then I adjust the colors in the prompt session:
Physical CLI access
If I need to access a device through a Linux TTY (e.g. a problematic Raspberry Pi or laptop), I like to use a larger font, set the right keyboard layout, enable mouse commands, and disable the annoying beep sound.
Set font and keyboard layout
I first install Terminus Font:
Then I create the file “/etc/vconsole.conf” and select the appropriate keyboard layout:
Enable mouse
With gpm
, the mouse cursor will appear as a white rectangle instead of the typical arrow, but it can still be helpful to copy and paste:
Silence the beep sound
I find the beep sound annoying, so I silence it as soon as I can:
Remote CLI access
If I need to access a machine servers remotely, I always enable key authentication, set up measures against connection drop, and add a welcome message.
Use SSH keys instead of passwords
Client: generate a key pair
On my local PC, I generate an SSH key pair, adding a comment to specify the device I connect from:
The keys can be accessed by running ls -la $HOME/.ssh/
:
The file ending in “.pub” is the public key that must be sent to the server, while the one without extension is the private key that must not be shared.
To content of the public key can be shown with cat $HOME/.ssh/id_ed25519.pub
:
I login to my server using the usual password (for the last time):
Server: authorize the public key
As my unprivileged user (jack), I create on the server the file that contains my public keys:
I copy inside the content of the public key id_ed25519.pub
:
Key authentication should already be enabled on the server, you can check by running:
Client: check connectivity
I add my private key to my SSH client or SSH agent, depending on the client OS.
I open a new connection while keeping the previous one alive:
It should not prompt me anymore for my password, as the client is using the private key to authenticate.
Server: disable password login
Now I can tell the server to accept SSH keys as the only authentication method, by disabling password authentication.
On the server, I run:
Then, I add this setting or change it to “no”:
Client: backup the key pair
I highly recommend making a backup of your SSH private key, as you risk locking yourself out of the server if something happens to your client and you don’t have physical access.
If you lose your public key, you can still derive it from the private one by running:
Persist session even if the connection drops
Imagine running a remote system update through SSH, and suddenly the Wi-Fi / 5G network disconnects, or your laptop battery dies. You cannot resume an SSH session, so you risk missing important warnings from the update command.
Luckily, MoSh makes SSH connection persistent to network disconnections, and Tmux makes commands run in dedicated sessions, so I can easily resume in case of a client issue.
On the server, I install these programs with
On the client, I access via mosh
and tmux
instead of ssh
:
If you have a firewall on your server, be aware that MoSh uses UDP ports 60000-61000 for incoming connections, so they should be open.
Tmux key shortcuts can be daunting at first, so take a look at the Tmux cheatsheet.
I eventually adjusted my tmux configuration by creating $HOME/.tmux.conf
:
Custom welcome message
I like to give a bit of personality to each server with an ASCII art banner, that I create as /etc/profile.d/banner.sh
:
Every time I connect remotely, I am greeted by this:
Edit files with Nano
While I found micro
to have syntax highlighting and modern keybindings out of the box, I relied heavily on my customized nano
in the past years.
Highlight syntax
First of all, I install nano
with the syntax highlighting plugin:
Then, I fix a little bug that has been there for years:
Then I modify the global configuration file to enable syntax highlighting for all users (jack and root):
I write inside:
Then, I check that the keybindings and syntax highlighting work well:
Different colors for root
I like to use a red interface when editing files as the root user.
To do so, I created a configuration file for root:
And I write inside:
Other helpful commands
I use pkgfile
to find which package I should install before I can run a certain command:
I use tldr
to quickly understand how to use a certain command:
Wrap up
This list is long, perhaps too much. It would be unwise for a beginner to blindly apply all of these changes before even getting familiar with a Linux system.
I invite you to start from the things you find the most annoying or repetitive and find a way to fix or automate them. The Wiki and the Forum are great places to find resource and support.
You’ll be satisfied with the result earlier than you think, and your future self will be thankful for improving your setup without spending too much time doing that.