2/3: Setting Up a Remote Connection.
Containers are used to emulate operating systems and, unlike virtual machines, are lightweight because they can use resources from the host system and run processes that don't affect the host or other containers.
Prerequisites.
A Linux-based distro (I use Ubuntu), and
An LXD installation, if required.
Creating, and Using, RSA Keys.
These steps will enable SSH connections to the remote container, across the LAN, without a username/password.
Creating an RSA Key Pair on the Local Workstation.
- From the workstation terminal (CTRL+ALT+T), I start the ssh-agent:
eval "$(ssh-agent -s)"
- I generate a pair of RSA keys called "/home/brian/.ssh/key-name" (where I replace "key-name" with the name of the remote container):
ssh-keygen -t rsa -b 4096 -f /home/brian/.ssh/key-name
NOTE: It is my convention to name RSA keys after the container or system on which they will be used.
- I add the private SSH key to the ssh-agent running under my workstation account (where I replace "key-name" with the actual name of the SSH key):
ssh-add /home/brian/.ssh/key-name
Uploading a Public Key to the Remote Container.
- From the workstation terminal (CTRL+ALT+T), I use "ssh-copy-id" to upload the locally-generated public key to the remote container (where I replace "container-name" with the actual name of the container):
ssh-copy-id -i /home/brian/.ssh/container-name.pub yt@192.168.?.?
NOTE: I replace the "?" with the actual IP address for the container.
Logging In to the Remote Container.
- From the workstation terminal (CTRL+ALT+T), I log in to the "yt" account of the remote container:
ssh 'yt@192.168.?.?'
NOTE: I replace the "?" with the actual IP address for the container.
'Hardening' the Container.
In the previous lab, I purposely 'softened' this container. It's not an ideal state, so this section deals with 'hardening up' the container again.
- From the workstation terminal (CTRL+ALT+T) connected to the container, I open the "sshd_config" file:
sudo nano /etc/ssh/sshd_config
- I add, and save, the following to the bottom of the "sshd_config" page:
PasswordAuthentication no
PermitRootLogin no
Protocol 2
NOTE: Another change I typically make is switching out the default port number of 22 for something less obvious, e.g. 4444 (which is also very obvious so don't use port 4444):
Port 4444
- I restart the "ssh" service:
sudo systemctl restart ssh.service
- I reboot the remote container:
sudo reboot
NOTE: Running the "exit", "sudo reboot", or "sudo poweroff" commands will close the connection to the remote homelab host.
- Finally, I test the connection to the remote container:
ssh -p '4444' 'yt@192.168.?.?'
NOTE: I replace the -p(ort) number with the actual port defined in the "sshd_config" file, and replace the "?" with the IP address for the container.
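sshd uses the first value it obtains for each keyword, so lines appended to the bottom of "sshd_config" can lose to an earlier line or an included file, and every "Port" line in effect opens its own listener. The script below is an added example, not part of the original lab: it checks the effective settings printed by "sshd -T" against the values set above. The function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage on the container after the restart (port from this lab):
#   sudo sshd -T | check_sshd_settings 4444

# Reads `sshd -T` output ("keyword value" per line, lowercase keywords) on
# stdin. Prints OK/FAIL/MISSING per setting; returns 0 only if all match.
check_sshd_settings() {
    awk -v port="$1" '
        BEGIN {
            bad = 0
            want["passwordauthentication"] = "no"
            want["permitrootlogin"] = "no"
            want["port"] = port
        }
        $1 in want {
            seen[$1] = 1
            if ($2 == want[$1]) printf "OK %s %s\n", $1, $2
            else { printf "FAIL %s %s (want %s)\n", $1, $2, want[$1]; bad = 1 }
        }
        END {
            for (k in want)
                if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
            exit bad
        }'
}

# Constructed sample: the lab's settings are the ones in effect.
sample_hardened() {
    printf '%s\n' 'port 4444' 'permitrootlogin no' \
        'passwordauthentication no' 'pubkeyauthentication yes'
}

# Constructed sample: an earlier "PasswordAuthentication yes" won, and
# port 22 is still open next to 4444.
sample_overridden() {
    printf '%s\n' 'port 22' 'port 4444' 'permitrootlogin no' \
        'passwordauthentication yes'
}
```

A FAIL or MISSING line means the setting added at the bottom of the file is not the one sshd is using, so the earlier definition has to be found and changed.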
Now that I have a local connection to the remote container, the last step is to harden the remote container.
And remember: Be safe, be kind, be awesome.
Written by
Brian King