coulomb/railiance-infra
0
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

docs: added documentation about setting up ssh-access

Browse Source
This commit is contained in:
Bernd Worsch
2025-09-14 00:47:41 +02:00
parent ae128b14e5
commit 75af105f6c
2 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@@ -67,4 +67,12 @@ To set up your own key and configure SOPS, follow the guide here:
➡️ [Managing Age Keys](docs/age-keys.md)
## 🔑 SSH Access
Learn how to add your SSH key and test connectivity after provisioning:
➡️ [SSH Access & Connectivity Test](docs/ssh-access.md)
xxx

66
docs/ssh-access.md Normal file
View File

@@ -0,0 +1,66 @@
# 🔑 SSH Access & Connectivity Test
RailianceHosts provisions Hetzner servers with your SSH key so you can log in securely (no passwords). Follow these steps to add your key and verify access.
---
## 1) Add your SSH public key to the repo
Place your **public key** inside the repo so Terraform can register and inject it into new servers:
```bash
mkdir -p keys
cat ~/.ssh/id_ed25519.pub > keys/admin_ssh.pub
git add keys/admin_ssh.pub
git commit -m "Add admin SSH public key"
```
> Use your actual public key file if different (e.g., `~/.ssh/id_rsa.pub`).
---
## 2) Provision a server
Run Terraform (directly or via the Makefile helpers):
```bash
make tf-apply
# or end-to-end:
make apply
```
This creates the server(s) and injects your `keys/admin_ssh.pub` for the `admin` user.
---
## 3) Test connectivity
After `tf-apply` finishes, note the server's IPv4 address from the output (or from Hetzner Console), then:
```bash
ssh admin@<server-ip>
```
If this is your first time connecting, accept the host fingerprint when prompted.
Quick checks once connected:
```bash
# confirm you are the admin user
whoami
# confirm passwordless sudo (as configured by bootstrap)
sudo -n true && echo "sudo OK" || echo "sudo requires password"
# optional: firewall status
sudo ufw status
```
---
## 4) Troubleshooting
- **Permission denied (publickey):** Ensure your public key is in `keys/admin_ssh.pub` before provisioning and that youre using the correct private key (`ssh -i ~/.ssh/id_ed25519 admin@<ip>` if necessary).
- **Different username:** The default user is `admin`. If you changed it in your inventory, use that username.
- **Stale SSH known_hosts entry:** If you recreated a server, remove the old key: `ssh-keygen -R <server-ip>` and try again.
- **Cloud-init delay:** Right after creation, allow ~3060 seconds for first-boot cloud-init to finish and sshd to reload.