Skip to content
CodeShare

Getting started

Initial system setup and secure remote access configuration using SSH keys and custom aliases.


  1. Update and upgrade

    Fetch the latest package lists and apply security patches.

    Terminal window
    sudo apt update && sudo apt upgrade -y

  2. Reboot

    Apply kernel updates and restart services to ensure a clean state.

    Terminal window
    sudo reboot

  3. SSH key management (client)

    Generate unique keys for each device to improve security and auditability.

    1. Generate named key

      Instead of the default name, label the key after the hostname (e.g., id_hp-laptop or id_macbook-pro).

      Terminal window
      ssh-keygen -t ed25519 -f ~/.ssh/id_{{HOSTNAME_VAR}}

    2. Copy key to server

      Use ssh-copy-id to automatically handle directory creation and permissions on the remote server.

      Terminal window
      ssh-copy-id -i ~/.ssh/id_{{HOSTNAME_VAR}} {{USERNAME_VAR}}@{{SERVER_IP_VAR}}

  4. Server security (host)

    Once your key is verified, disable password logins to prevent brute-force attacks.

    1. Install SSH server

      Ensure the OpenSSH server is installed and active.

      Terminal window
      sudo apt install openssh-server -y && sudo systemctl enable --now ssh

    2. Configure SSH daemon

      Edit the server configuration to enforce key-based authentication.

      Terminal window
      sudo nano /etc/ssh/sshd_config
      /etc/ssh/sshd_config
      # Disable password auth
      PasswordAuthentication no
      

      # Prevent root login entirely
      PermitRootLogin no
      

      # Custom SSH port (optional)
      Port 2222
      

      # Only allow specific users (optional)
      AllowUsers {{USERNAME_VAR}} $USERNAME2 $USERNAME3

    3. Verify and restart

      Always check the status before exiting to ensure you aren’t locked out.

      Terminal window
      sudo systemctl restart ssh && systemctl status ssh

  5. SSH client (local)

    Simplify your workflow by creating aliases. This allows you to type ssh $ALIAS_NAME instead of remembering IPs and key paths.

    1. Edit config

      Open (or create) the SSH config file on your local machine.

      Terminal window
      nano ~/.ssh/config

    2. Add host alias

      Define your server details. Now you can connect using just the alias name.

      ~/.ssh/config
      # Default settings for all hosts
      Host *
        ServerAliveInterval 60
        ServerAliveCountMax 5
      

      # Example host
      Host $ALIAS_NAME
        HostName {{SERVER_IP_VAR}}
        User {{USERNAME_VAR}}
        Port 2222
        IdentityFile ~/.ssh/id_{{HOSTNAME_VAR}}

    3. Connect via alias

      Test the new configuration.

      Terminal window
      ssh $ALIAS_NAME