Vish/homelab-optimized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7cee5297c1434a6a31762fd51c69d6cd42774ba4
homelab-optimized/docs/infrastructure/SSH_ACCESS_GUIDE.md
Gitea Mirror Bot 7cee5297c1
Some checks failed
Documentation / Build Docusaurus (push) Failing after 7s
Details
Documentation / Deploy to GitHub Pages (push) Has been skipped
Details
Sanitized mirror from private repository - 2026-03-09 11:59:35 UTC
2026-03-09 11:59:35 +00:00

361 lines
6.9 KiB
Markdown
Raw Blame History

# SSH Access Guide for Homelab
This guide helps you set up secure SSH access to your homelab servers for deployment and management.
## 🎯 Overview
SSH access allows you to:
- **Deploy services directly** on servers
- **Troubleshoot issues** in real-time
- **Manage configurations** remotely
- **Transfer files** securely
- **Monitor services** and logs
## 🔑 Setting Up SSH Access
### Step 1: Generate SSH Key Pair
**On your local machine:**
```bash
# Generate a new SSH key (recommended: Ed25519)
ssh-keygen -t ed25519 -f ~/.ssh/homelab_key -C "your-email@example.com"
# Or use RSA if Ed25519 isn't supported
ssh-keygen -t rsa -b 4096 -f ~/.ssh/homelab_key -C "your-email@example.com"
# Set proper permissions
chmod 600 ~/.ssh/homelab_key
chmod 644 ~/.ssh/homelab_key.pub
```
### Step 2: Copy Public Key to Servers
**For each server in your homelab:**
```bash
# Copy public key to server (replace with your server details)
ssh-copy-id -i ~/.ssh/homelab_key.pub username@server-ip
# Or manually copy if ssh-copy-id isn't available
cat ~/.ssh/homelab_key.pub | ssh username@server-ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```
### Step 3: Configure SSH Client
Create an SSH config file for easy access:
```bash
# Create/edit SSH config
nano ~/.ssh/config
```
**Add your homelab servers:**
```bash
# ~/.ssh/config
# Main Synology NAS (Atlantis)
Host atlantis
HostName 192.168.1.100
User admin
IdentityFile ~/.ssh/homelab_key
Port 22
ServerAliveInterval 60
# Secondary Synology NAS (Calypso)
Host calypso
HostName 192.168.1.101
User admin
IdentityFile ~/.ssh/homelab_key
Port 22
ServerAliveInterval 60
# Primary VM (Homelab VM)
Host homelab-vm
HostName 192.168.1.110
User ubuntu
IdentityFile ~/.ssh/homelab_key
Port 22
ServerAliveInterval 60
# Physical NUC (Concord)
Host concord-nuc
HostName 192.168.1.120
User ubuntu
IdentityFile ~/.ssh/homelab_key
Port 22
ServerAliveInterval 60
# Raspberry Pi (Edge device)
Host rpi5-vish
HostName 192.168.1.130
User pi
IdentityFile ~/.ssh/homelab_key
Port 22
ServerAliveInterval 60
```
**Set proper permissions:**
```bash
chmod 600 ~/.ssh/config
```
### Step 4: Test Connections
```bash
# Test connection to each server
ssh atlantis
ssh calypso
ssh homelab-vm
ssh concord-nuc
ssh rpi5-vish
```
## 🚀 SSH-Based Deployment Workflow
### Method 1: Direct Docker Compose Deployment
```bash
# Connect to target server
ssh atlantis
# Navigate to docker directory
cd /volume1/docker
# Create service directory
mkdir my-new-service
cd my-new-service
# Create docker-compose.yml
nano docker-compose.yml
# Deploy the service
docker compose up -d
# Check status
docker compose ps
```
### Method 2: Git-Based Deployment
```bash
# Connect to server
ssh homelab-vm
# Clone/update repository
git clone https://git.vish.gg/Vish/homelab.git
cd homelab
# Deploy specific service
docker compose -f hosts/vms/homelab-vm/my-service.yml up -d
```
### Method 3: Remote File Transfer
```bash
# Copy compose file to server
scp hosts/synology/atlantis/my-service.yml atlantis:/volume1/docker/
# Connect and deploy
ssh atlantis
cd /volume1/docker
docker compose -f my-service.yml up -d
```
## 🛠️ Common SSH Tasks for Homelab
### Service Management
```bash
# Check running containers
ssh atlantis "docker ps"
# View service logs
ssh atlantis "docker compose -f /volume1/docker/service/docker-compose.yml logs -f"
# Restart a service
ssh atlantis "docker compose -f /volume1/docker/service/docker-compose.yml restart"
# Update and restart service
ssh atlantis "cd /volume1/docker/service && docker compose pull && docker compose up -d"
```
### System Monitoring
```bash
# Check system resources
ssh homelab-vm "htop"
ssh homelab-vm "df -h"
ssh homelab-vm "free -h"
# Check Docker status
ssh atlantis "docker system df"
ssh atlantis "docker system prune -f"
```
### File Management
```bash
# Copy files to server
scp local-file.txt atlantis:/volume1/docker/service/
# Copy files from server
scp atlantis:/volume1/docker/service/config.yml ./
# Sync directories
rsync -avz --progress ./local-dir/ atlantis:/volume1/docker/service/
```
## 🔒 Security Best Practices
### SSH Key Security
```bash
# Use SSH agent for key management
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/homelab_key
# List loaded keys
ssh-add -l
# Remove keys from agent
ssh-add -D
```
### Server Hardening
**On each server, consider:**
```bash
# Disable password authentication (after key setup)
sudo nano /etc/ssh/sshd_config
# Set: PasswordAuthentication no
# Set: PubkeyAuthentication yes
# Restart SSH service
sudo systemctl restart sshd
# Change default SSH port (optional)
# Set: Port 2222
# Limit SSH access to specific users
# Set: AllowUsers yourusername
```
### Firewall Configuration
```bash
# Allow SSH through firewall
sudo ufw allow ssh
# Or for custom port:
sudo ufw allow 2222/tcp
# Enable firewall
sudo ufw enable
```
## 🚨 Troubleshooting SSH Issues
### Connection Problems
```bash
# Debug connection with verbose output
ssh -vvv atlantis
# Test specific port
ssh -p 22 atlantis
# Check if SSH service is running
ssh atlantis "sudo systemctl status sshd"
```
### Permission Issues
```bash
# Fix SSH directory permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_*
chmod 644 ~/.ssh/id_*.pub
chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/authorized_keys
```
### Key Issues
```bash
# Remove old host key (if server changed)
ssh-keygen -R atlantis
ssh-keygen -R 192.168.1.100
# Test key authentication
ssh -i ~/.ssh/homelab_key -o PreferredAuthentications=publickey atlantis
```
## 📋 Quick Reference
### SSH Config Template
```bash
Host HOSTNAME
HostName IP_ADDRESS
User USERNAME
IdentityFile ~/.ssh/homelab_key
Port 22
ServerAliveInterval 60
ServerAliveCountMax 3
ConnectTimeout 10
```
### Common Commands
```bash
# Connect to server
ssh hostname
# Execute single command
ssh hostname "command"
# Copy files
scp file hostname:/path/
scp hostname:/path/file ./
# Port forwarding (access remote service locally)
ssh -L 8080:localhost:8080 hostname
# Background tunnel
ssh -f -N -L 8080:localhost:8080 hostname
```
### Server-Specific Paths
- **Synology NAS**: `/volume1/docker/`
- **Ubuntu VMs**: `/home/username/docker/` or `/opt/docker/`
- **Raspberry Pi**: `/home/pi/docker/`
## 🔗 Integration with Development Workflow
### Combined Git + SSH Workflow
```bash
# 1. Develop locally with validation
git add hosts/synology/atlantis/my-service.yml
git commit -m "feat: Add my-service"
git push
# 2. Deploy via SSH
ssh atlantis
cd /volume1/docker
git pull
docker compose -f ../homelab/hosts/synology/atlantis/my-service.yml up -d
# 3. Monitor deployment
docker compose ps
docker compose logs -f my-service
```
This gives you the best of both worlds: validated configurations and direct deployment control.
---
*With SSH access configured, you have full control over your homelab infrastructure while maintaining the safety of the GitOps workflow.*
Reference in New Issue View Git Blame Copy Permalink