# 🔑 SSH Access & Connectivity Test

RailianceHosts provisions Hetzner servers with your SSH key so you can log in securely (no passwords). Follow these steps to add your key and verify access.

---

## 1) Add your SSH public key to the repo

Place your **public key** inside the repo so Terraform can register and inject it into new servers:

```bash
mkdir -p keys
cat ~/.ssh/id_ed25519.pub > keys/admin_ssh.pub
git add keys/admin_ssh.pub
git commit -m "Add admin SSH public key"
```

> Use your actual public key file if different (e.g., `~/.ssh/id_rsa.pub`).

---
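Before committing in step 1, it helps to confirm that `keys/admin_ssh.pub` holds exactly one public key and no private key material, since anything committed stays in the repo history. The script below is an added example, not part of RailianceHosts; `check_pubkey` and its return codes are hypothetical, and it accepts only the two key types this page mentions (`ssh-ed25519`, `ssh-rsa`).

```bash
#!/usr/bin/env bash
# Added example: sanity-check the key file before `git add`.
# check_pubkey is a hypothetical helper, not part of RailianceHosts.
check_pubkey() {
    local file type blob prefix n
    file="${1:-keys/admin_ssh.pub}"

    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }

    # Private key material must never be committed.
    if grep -q 'PRIVATE KEY' "$file"; then
        echo "refusing: $file contains private key material" >&2
        return 2
    fi

    # Expect exactly one key line: "<type> <base64-blob> [comment]".
    n=$(awk 'NF { n++ } END { print n + 0 }' "$file")
    [ "$n" -eq 1 ] || { echo "expected 1 key in $file, found $n" >&2; return 3; }
    type=$(awk 'NF { print $1; exit }' "$file")
    blob=$(awk 'NF { print $2; exit }' "$file")

    # The blob starts with the base64 of the length-prefixed type name,
    # so each key type has a fixed, recognizable prefix.
    case "$type" in
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        *) echo "unexpected key type: $type" >&2; return 4 ;;
    esac
    case "$blob" in
        *[!A-Za-z0-9+/=]*) echo "blob is not base64" >&2; return 5 ;;
        "$prefix"*) ;;
        *) echo "blob does not match type $type" >&2; return 5 ;;
    esac

    # Show the fingerprint (when ssh-keygen is available) for a visual check.
    if command -v ssh-keygen >/dev/null 2>&1; then
        ssh-keygen -l -f "$file" 2>/dev/null || true
    fi
    return 0
}

# Usage: ./check_pubkey.sh keys/admin_ssh.pub
[ "$#" -eq 0 ] || check_pubkey "$1"
```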
## 2) Provision a server

Run Terraform (directly or via the Makefile helpers):

```bash
make tf-apply
# or end-to-end:
make apply
```

This creates the server(s) and injects your `keys/admin_ssh.pub` for the `admin` user.

---

## 3) Test connectivity

After `tf-apply` finishes, note the server's IPv4 address from the output (or from Hetzner Console), then:

```bash
ssh admin@<server-ip>
```

If this is your first time connecting, accept the host fingerprint when prompted.

Quick checks once connected:

```bash
# confirm you are the admin user
whoami

# confirm passwordless sudo (as configured by bootstrap)
sudo -n true && echo "sudo OK" || echo "sudo requires password"

# optional: firewall status
sudo ufw status
```

---

## 4) Troubleshooting

- **Permission denied (publickey):** Ensure your public key is in `keys/admin_ssh.pub` before provisioning and that you’re using the correct private key (`ssh -i ~/.ssh/id_ed25519 admin@<ip>` if necessary).
- **Different username:** The default user is `admin`. If you changed it in your inventory, use that username.
- **Stale SSH known_hosts entry:** If you recreated a server, remove the old key: `ssh-keygen -R <server-ip>` and try again.
- **Cloud-init delay:** Right after creation, allow ~30–60 seconds for first-boot cloud-init to finish and sshd to reload.