2/3: Setting Up a Remote Connection.

Creating, and Using, RSA Keys.

These steps will enable SSH connections to the remote container, across the LAN, without a username/password.

Creating an RSA Key Pair on the Local Workstation.

  • From the workstation terminal (CTRL + ALT + T), I start the ssh-agent:
eval "$(ssh-agent -s)"
  • I generate a pair of RSA keys called "/home/brian/.ssh/key-name" (where I replace "key-name" with the name of the remote container):
ssh-keygen -t rsa -b 4096 -f /home/brian/.ssh/key-name

NOTE: It is my convention to name RSA keys after the container or system on which they will be used.

  • I add the SSH private key to the ssh-agent running under my workstation account (where I replace "key-name" with the actual name of the ssh key):
ssh-add /home/brian/.ssh/key-name

Uploading a Public Key to the Remote Container.

  • From the workstation terminal (CTRL + ALT + T), I use "ssh-copy-id" to upload the locally-generated public key to the remote container (where I replace "container-name" with the actual name of the container):
ssh-copy-id -i /home/brian/.ssh/container-name.pub brian@192.168.?.?

NOTE: I replace the "?" with the actual IP address for the container.

Logging In to the Remote Container.

  • From the workstation terminal (CTRL + ALT + T), I log in to the “brian” account of the remote container:
ssh 'brian@192.168.?.?'

NOTE: I replace the "?" with the actual IP address for the container.

'Hardening' the Container.

In the previous lab, I purposely 'softened' this container. It's not an ideal state, so this section deals with 'hardening up' the container again.

  • From the workstation terminal (CTRL + ALT + T) connected to the container, I open the "sshd_config" file:
sudo nano /etc/ssh/sshd_config
  • I add, and save, the following to the bottom of the "sshd_config" file:
PasswordAuthentication no
PermitRootLogin no
Protocol 2

NOTE: Another change I typically make is switching out the default port number of 22 for something less obvious, e.g. 4444 (which is also very obvious so don't use port 4444):

Port 4444
  • I restart the "ssh" service:
sudo systemctl restart ssh.service
  • I reboot the remote container:
sudo reboot

NOTE: Running the exit, sudo reboot, or sudo poweroff commands will close the connection to the remote homelab host.

  • Finally, I test the connection to the remote container:
ssh -p '4444' 'brian@192.168.?.?'

NOTE: I replace the -p(ort) number with the actual port defined in the "sshd_config" file, and replace the "?" with the IP address for the container.
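
sshd uses the first value it obtains for each keyword, so lines appended to the bottom of "sshd_config" can be overridden by an earlier line or an included file. This added example (not part of the original post) checks the effective settings printed by "sshd -T" against the values set above; the function name and the sample dumps are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Reads `sshd -T` output, which
# lists the effective settings as lowercase "keyword value" lines.
# Protocol is not checked: current OpenSSH speaks protocol 2 only.

check_sshd_hardening() {
    # $1 = port expected in sshd_config; the `sshd -T` dump arrives on stdin.
    local want_port="$1" dump failures=0 key want got
    dump="$(cat)"
    while read -r key want; do
        # Look up the keyword's effective value in the dump.
        got="$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $2; exit }')"
        if [ "$got" = "$want" ]; then
            printf 'ok   %s %s\n' "$key" "$got"
        else
            printf 'FAIL %s: expected "%s", effective "%s"\n' "$key" "$want" "${got:-unset}"
            failures=$((failures + 1))
        fi
    done <<EOF
passwordauthentication no
permitrootlogin no
port $want_port
EOF
    # Exit status is the number of settings that did not take effect.
    return "$failures"
}

# Constructed sample dumps (trimmed); 4444 is the page's placeholder port.
SAMPLE_HARDENED='port 4444
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# Constructed: an earlier "PasswordAuthentication yes" won over the appended line.
SAMPLE_OVERRIDDEN='port 4444
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

# On the container, before restarting the service:
#   sudo sshd -T | check_sshd_hardening 4444
printf '%s\n' "$SAMPLE_HARDENED"   | check_sshd_hardening 4444 || true
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_hardening 4444 || true
```

Running the check from the existing session before restarting "ssh.service" shows whether password logins are really off while there is still a working connection to fix the file.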

Now that I have a local connection to the remote container, the last step is to harden the remote container.

And remember: Be safe, be kind, be awesome.