diff --git a/README.md b/README.md index 4ced314..26b04c2 100644 --- a/README.md +++ b/README.md @@ -67,4 +67,12 @@ To set up your own key and configure SOPS, follow the guide here: ➡️ [Managing Age Keys](docs/age-keys.md) +## 🔑 SSH Access + +Learn how to add your SSH key and test connectivity after provisioning: + +➡️ [SSH Access & Connectivity Test](docs/ssh-access.md) + + +xxx diff --git a/docs/ssh-access.md b/docs/ssh-access.md new file mode 100644 index 0000000..9b8ff0a --- /dev/null +++ b/docs/ssh-access.md 
@@ -0,0 +1,66 @@ +# 🔑 SSH Access & Connectivity Test + +RailianceHosts provisions Hetzner servers with your SSH key so you can log in securely (no passwords). Follow these steps to add your key and verify access. + +--- + +## 1) Add your SSH public key to the repo + +Place your **public key** inside the repo so Terraform can register and inject it into new servers: + +```bash +mkdir -p keys +cat ~/.ssh/id_ed25519.pub > keys/admin_ssh.pub +git add keys/admin_ssh.pub +git commit -m "Add admin SSH public key" +``` + +> Use your actual public key file if different (e.g., `~/.ssh/id_rsa.pub`). + +--- + +## 2) Provision a server + +Run Terraform (directly or via the Makefile helpers): + +```bash +make tf-apply +# or end-to-end: +make apply +``` + +This creates the server(s) and injects your `keys/admin_ssh.pub` for the `admin` user. + +--- + +## 3) Test connectivity + +After `tf-apply` finishes, note the server's IPv4 address from the output (or from Hetzner Console), then: + +```bash +ssh admin@ +``` + +If this is your first time connecting, accept the host fingerprint when prompted. + +Quick checks once connected: + +```bash +# confirm you are the admin user +whoami + +# confirm passwordless sudo (as configured by bootstrap) +sudo -n true && echo "sudo OK" || echo "sudo requires password" + +# optional: firewall status +sudo ufw status +``` + +--- + +## 4) Troubleshooting + +- **Permission denied (publickey):** Ensure your public key is in `keys/admin_ssh.pub` before provisioning and that you’re using the correct private key (`ssh -i ~/.ssh/id_ed25519 admin@` if necessary). +- **Different username:** The default user is `admin`. If you changed it in your inventory, use that username. +- **Stale SSH known_hosts entry:** If you recreated a server, remove the old key: `ssh-keygen -R ` and try again. +- **Cloud-init delay:** Right after creation, allow ~30–60 seconds for first-boot cloud-init to finish and sshd to reload.
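Review bot: The README.md hunk ends by adding a stray `xxx` line (plus two extra blank lines) after the new "SSH Access" link, which looks like leftover scratch text and will render in the README as a paragraph. Drop the `+xxx` line and the surplus blank lines so the hunk ends at the `[SSH Access & Connectivity Test](docs/ssh-access.md)` link.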
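Review bot: In docs/ssh-access.md step 3, "accept the host fingerprint when prompted" tells the reader to trust the key on first use without checking it, which undercuts the "log in securely" claim in the intro. Suggest telling the reader to compare the fingerprint in the prompt against one obtained out of band, for example by running `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` in the Hetzner Console, and to accept only on a match. The same applies to the "Stale SSH known_hosts entry" bullet, where the new key should be verified after `ssh-keygen -R` removes the old one. Separately, the commands `ssh admin@`, `ssh -i ~/.ssh/id_ed25519 admin@` and `ssh-keygen -R ` have no host in them as shown; if a placeholder was intended, write it in a form that survives Markdown rendering inside and outside code spans, and say in the text that it stands for the server's IPv4 address from the `tf-apply` output.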