2/3: Setting Up a Remote Connection.

Or: Connecting, and Securing, Linux Containers.

2/3: Setting Up a Remote Connection.

Containers are used to emulate operating systems and, unlike virtual machines, are lightweight because they can use resources from the host system and run processes that don't affect the host or other containers.

Prerequisites.

Creating, and Using, RSA Keys.

These steps will enable SSH connections to the remote container, across the LAN, without a username/password.

Creating an RSA Key Pair on the Local Workstation.

  • From the workstation terminal (CTRL + ALT + T), I start the ssh-agent:
eval "$(ssh-agent -s)"
  • I generate a pair of RSA keys called "/home/brian/.ssh/key-name" (where I replace "key-name" with the name of the remote container):
ssh-keygen -b 4096

NOTE: It is my convention to name RSA keys after the container or system on which they will be used.

  • I add the SSH key to my workstation account (where I replace "key-name" with the actual name of the ssh key):
ssh-add /home/brian/.ssh/key-name

Uploading a Public Key to the Remote Container.

  • From the workstation terminal (CTRL + ALT + T), I use "ssh-copy-id" to upload the locally-generated public key to the remote container (where I replace "container-name" with the actual name of the container):
ssh-copy-id -i /home/brian/.ssh/container-name.pub yt@192.168.?.?

NOTE: I replace the "?" with the actual IP address for the container.

Logging In to the Remote Container.

  • From the workstation terminal (CTRL + ALT + T), I login to the “brian” account of the remote container:
ssh 'yt@192.168.?.?'

NOTE: I replace the "?" with the actual IP address for the container.

'Hardening' the Container.

In the previous lab, I purposely 'softened' this container. It's not an ideal state, so this section deals with 'hardening up' the container again.

  • From the workstation terminal (CTRL + ALT + T) connected to the container, I open the "sshd_config" file:
sudo nano /etc/ssh/sshd_config
  • I add, and save, the following to the bottom of the "sshd_config" page:
PasswordAuthentication no
PermitRootLogin no
Protocol 2

NOTE: Another change I typically make is switching out the default port number of 22 for something less obvious, e.g. 4444 (which is also very obvious so don't use port 4444):

Port 4444
  • I restart the "ssh" service:
sudo systemctl restart ssh.service
  • I reboot the remote container:
sudo reboot

NOTE: Running the exit, sudo reboot, or sudo poweroff commands will close the connection to the remote homelab host.

  • Finally, I test the connection to the remote container:
ssh -p '4444' 'yt@192.168.?.?'

NOTE: I replace the -p(ort) number with the actual port defined in the "sshd_config" file, and replace the "?" with the IP address for the container.

Now that I have a local connection to the remote container, the last step is to harden the remote container.

And remember: Be safe, be kind, be awesome.