From 9314b71b6aaab2244293583938d3d5df12f18e8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krejczinger=20=C3=81rp=C3=A1d?= Date: Tue, 29 Jul 2025 21:42:44 +0200 Subject: [PATCH] Complete Arch Linux installation and SSH setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Mark Arch Linux installation as completed on ThinkPad - Configure SSH access with hostname resolution (homelab) - Add comprehensive SSH setup guide with security hardening - Document network planning and self-hosted services options - Update progress tracking in README and installation notes 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- README.md | 9 +- arch-install-notes.md | 28 ++++--- ssh-setup-guide.md | 191 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 211 insertions(+), 17 deletions(-) create mode 100644 ssh-setup-guide.md diff --git a/README.md b/README.md index 4f5988a..6552e0d 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,8 @@ Setting up a personal homelab using a ThinkPad laptop running Arch Linux to move away from cloud providers like Google. ## Goals -- [ ] Linux installation (Arch Linux on ThinkPad) -- [ ] SSH remote access +- [x] Linux installation (Arch Linux on ThinkPad) +- [x] SSH remote access (hostname: homelab) - [ ] Network domain setup - [ ] Self-hosted cloud storage (ownCloud/Nextcloud) - [ ] Self-hosted git repository (Gitea/Forgejo/GitLab) @@ -20,5 +20,6 @@ Setting up a personal homelab using a ThinkPad laptop running Arch Linux to move - Need to collect tips and inspiration from this video ## Current Status -- Downloading Arch Linux ISO -- Planning initial setup phase \ No newline at end of file +- ✅ Arch Linux installed on ThinkPad +- ✅ SSH access configured (accessible as `homelab`) +- Next: Set up dotfiles and begin service planning \ No newline at end of file diff --git a/arch-install-notes.md b/arch-install-notes.md index 18e52c5..1874d58 100644 --- a/arch-install-notes.md +++ b/arch-install-notes.md @@ -1,23 +1,23 @@ # Arch Linux Installation Notes ## Pre-Installation Checklist -- [ ] Download Arch Linux ISO -- [ ] Create bootable USB drive -- [ ] Backup any important data on ThinkPad -- [ ] Note ThinkPad hardware specs for driver compatibility +- [x] Download Arch Linux ISO +- [x] Create bootable USB drive +- [x] Backup any important data on ThinkPad +- [x] Note ThinkPad hardware specs for driver compatibility ## Installation Steps ### Boot and Initial Setup -- [ ] Boot from USB -- [ ] Set keyboard layout if needed: `loadkeys us` -- [ ] Verify UEFI boot: `ls /sys/firmware/efi/efivars` -- [ ] Connect to internet (wifi-menu or ethernet) +- [x] Boot from USB +- [x] Set keyboard layout if needed: `loadkeys us` +- [x] Verify UEFI boot: `ls /sys/firmware/efi/efivars` +- [x] Connect to internet (wifi-menu or ethernet) ### Partitioning -- [ ] List disks: `fdisk -l` -- [ ] Create partitions (EFI, swap, root) -- [ ] Format partitions -- [ ] Mount filesystems +- [x] List disks: `fdisk -l` +- [x] Create partitions (EFI, swap, root) +- [x] Format partitions +- [x] Mount filesystems ### Base System Installation - [ ] Update package database: `pacman -Sy` @@ -36,8 +36,10 @@ ## Post-Installation Priorities - [ ] Install essential packages (git, base-devel) +- [ ] Set up AUR access +- [ ] Install Deskflow - [ ] Install and configure yadm: `pacman -S yadm` - [ ] Clone dotfiles: `yadm clone ` - [ ] Install SSH server: `pacman -S openssh` - [ ] Enable SSH service: `systemctl enable sshd` -- [ ] Configure firewall \ No newline at end of file +- [ ] Configure firewall diff --git a/ssh-setup-guide.md b/ssh-setup-guide.md new file mode 100644 index 0000000..6a51f1d --- /dev/null +++ b/ssh-setup-guide.md @@ -0,0 +1,191 @@ +# SSH Connection Setup Guide + +## On the Arch Linux ThinkPad (Server Side) + +### 1. Install and Enable SSH Server +```bash +# Install OpenSSH +sudo pacman -S openssh + +# Enable and start SSH service +sudo systemctl enable sshd +sudo systemctl start sshd + +# Check if SSH is running +sudo systemctl status sshd +``` + +### 2. Configure SSH Server +```bash +# Edit SSH configuration +sudo nano /etc/ssh/sshd_config + +# Recommended security settings: +# Port 22 (or change to custom port) +# PermitRootLogin no +# PasswordAuthentication yes (initially, then switch to key-based) +# PubkeyAuthentication yes + +# Restart SSH after configuration changes +sudo systemctl restart sshd +``` + +### 3. Get the ThinkPad's IP Address +```bash +# Find local IP address +ip addr show +# or +hostname -I +``` + +### 4. Configure Firewall (if using ufw) +```bash +# Install and enable firewall +sudo pacman -S ufw +sudo ufw enable + +# Allow SSH connections +sudo ufw allow ssh +# or for custom port: sudo ufw allow 2222 +``` + +## On WSL/Windows PC (Client Side) + +### 1. Generate SSH Key Pair (if not already done) +```bash +# Generate new SSH key +ssh-keygen -t ed25519 -C "your-email@example.com" + +# Or use RSA if ed25519 not supported +ssh-keygen -t rsa -b 4096 -C "your-email@example.com" + +# Keys will be saved to ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub +``` + +### 2. Copy Public Key to ThinkPad +```bash +# Method 1: Using ssh-copy-id (easiest) +ssh-copy-id username@thinkpad-ip-address + +# Method 2: Manual copy +cat ~/.ssh/id_ed25519.pub | ssh username@thinkpad-ip-address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" + +# Method 3: SCP the key file +scp ~/.ssh/id_ed25519.pub username@thinkpad-ip-address:~/.ssh/authorized_keys +``` + +### 3. Test SSH Connection +```bash +# Connect using password initially +ssh username@thinkpad-ip-address + +# After key setup, should connect without password +ssh username@thinkpad-ip-address +``` + +### 4. Create SSH Config for Easy Access +```bash +# Edit SSH config +nano ~/.ssh/config + +# Add entry for ThinkPad +Host thinkpad + HostName thinkpad-ip-address + User your-username + Port 22 + IdentityFile ~/.ssh/id_ed25519 + +# Now you can connect with: ssh thinkpad +``` + +## Security Hardening (After Key-Based Auth Works) + +### On ThinkPad: +```bash +# Edit SSH config to disable password authentication +sudo nano /etc/ssh/sshd_config + +# Set these values: +# PasswordAuthentication no +# PermitEmptyPasswords no +# ChallengeResponseAuthentication no + +# Restart SSH +sudo systemctl restart sshd +``` + +## Setting Up Hostname Resolution + +### Method 1: Using /etc/hosts (Simple, Local Only) + +#### On WSL/Linux: +```bash +# Edit hosts file +sudo nano /etc/hosts + +# Add entry for ThinkPad +192.168.1.100 thinkpad +192.168.1.100 thinkpad.local + +# Now you can use: ssh username@thinkpad +``` + +#### On Windows: +```cmd +# Edit hosts file (run as Administrator) +notepad C:\Windows\System32\drivers\etc\hosts + +# Add the same entries: +192.168.1.100 thinkpad +192.168.1.100 thinkpad.local +``` + +### Method 2: Set Static Hostname on ThinkPad +```bash +# On ThinkPad, set a memorable hostname +sudo hostnamectl set-hostname thinkpad + +# Edit /etc/hosts on ThinkPad to include itself +sudo nano /etc/hosts +# Add: 127.0.0.1 thinkpad thinkpad.local +``` + +### Method 3: Router-Level DNS (Best for Multiple Devices) +- Access your router's admin panel (usually 192.168.1.1 or 192.168.0.1) +- Look for "DHCP Reservations" or "Static IP" settings +- Assign a static IP to ThinkPad's MAC address +- Set hostname in router's DNS settings + +### Update SSH Config +```bash +# Update ~/.ssh/config to use hostname +nano ~/.ssh/config + +Host thinkpad + HostName thinkpad # or thinkpad.local + User your-username + Port 22 + IdentityFile ~/.ssh/id_ed25519 +``` + +## Troubleshooting + +### Common Issues: +- **Connection refused**: Check if sshd is running, firewall allows SSH +- **Permission denied**: Verify username/password, check authorized_keys permissions +- **Key not working**: Ensure correct permissions on ~/.ssh (700) and authorized_keys (600) + +### Debug Commands: +```bash +# Check SSH service status +sudo systemctl status sshd + +# View SSH logs +sudo journalctl -u sshd + +# Test SSH config +sudo sshd -t + +# Connect with verbose output +ssh -v username@thinkpad-ip-address +``` \ No newline at end of file