To install Almalinux on a Raspberry Pi, we need to get the image first. There is a lot of information on the wiki of Almalinux. In my case, I downloaded the image and flashed a micro SD card with Balena Etcher.
When the operation completes, don’t put the SD card in the Raspberry Pi yet. By default, SSH is configured not to allow password logins. This is a good thing!
We need to add our username and SSH public key. To do this, we leverage cloud-init. We need to do this before we insert the SD card in the Pi, because the configuration will only be used at first boot.
Open the file user-data in the root of the card. It looks like this.
#cloud-config
#
# This is default cloud-init config file for AlmaLinux Raspberry Pi image.
#
# If you want additional customization, refer to cloud-init documentation and
# examples. Please note configurations written in this file will be usually
# applied only once at very first boot.
#
# https://cloudinit.readthedocs.io/en/latest/reference/examples.html
hostname: almalinux.local
ssh_pwauth: false
users:
- name: almalinux
groups: [ adm, systemd-journal ]
sudo: [ "ALL=(ALL) NOPASSWD:ALL" ]
lock_passwd: false
passwd: $6$EJCqLU5JAiiP5iSS$wRmPHYdotZEXa8OjfcSsJ/f1pAYTk0/OFHV1CGvcszwmk6YwwlZ/Lwg8nqjRT0SSKJIMh/3VuW5ZBz2DqYZ4c1
# Uncomment below to add your SSH public keys as YAML array
#ssh_authorized_keys:
#- ssh-ed25519 AAAAC3Nz...
We could change the field ssh_pwauth, but that would undermine the security of the installation. A better solution is to uncomment the ssh_authorized_keys and add our key.
Of course we can change the username and provide the hash for our password. To create a hash, run mkpasswd -m sha-512.
Save the file and start the Pi from the SD card. Wait a few minutes and you should be able to log in with your username and your certificate. Many settings can be controlled with cloud-init. Have a look at the read the docs site and the Almalinux wiki site.
)