Complete Arch Linux installation and SSH setup

- Mark Arch Linux installation as completed on ThinkPad
- Configure SSH access with hostname resolution (homelab)
- Add comprehensive SSH setup guide with security hardening
- Document network planning and self-hosted services options
- Update progress tracking in README and installation notes

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

README.md

@@ -4,8 +4,8 @@
 Setting up a personal homelab using a ThinkPad laptop running Arch Linux to move away from cloud providers like Google.
 
 ## Goals
-- [ ] Linux installation (Arch Linux on ThinkPad)
+- [x] Linux installation (Arch Linux on ThinkPad)
-- [ ] SSH remote access
+- [x] SSH remote access (hostname: homelab)
 - [ ] Network domain setup
 - [ ] Self-hosted cloud storage (ownCloud/Nextcloud)
 - [ ] Self-hosted git repository (Gitea/Forgejo/GitLab)
@@ -20,5 +20,6 @@ Setting up a personal homelab using a ThinkPad laptop running Arch Linux to move
   - Need to collect tips and inspiration from this video
 
 ## Current Status
-- Downloading Arch Linux ISO
+- ✅ Arch Linux installed on ThinkPad
-- Planning initial setup phase
+- ✅ SSH access configured (accessible as `homelab`)
+- Next: Set up dotfiles and begin service planning

arch-install-notes.md

@@ -1,23 +1,23 @@
 # Arch Linux Installation Notes
 
 ## Pre-Installation Checklist
-- [ ] Download Arch Linux ISO
+- [x] Download Arch Linux ISO
-- [ ] Create bootable USB drive
+- [x] Create bootable USB drive
-- [ ] Backup any important data on ThinkPad
+- [x] Backup any important data on ThinkPad
-- [ ] Note ThinkPad hardware specs for driver compatibility
+- [x] Note ThinkPad hardware specs for driver compatibility
 
 ## Installation Steps
 ### Boot and Initial Setup
-- [ ] Boot from USB
+- [x] Boot from USB
-- [ ] Set keyboard layout if needed: `loadkeys us`
+- [x] Set keyboard layout if needed: `loadkeys us`
-- [ ] Verify UEFI boot: `ls /sys/firmware/efi/efivars`
+- [x] Verify UEFI boot: `ls /sys/firmware/efi/efivars`
-- [ ] Connect to internet (wifi-menu or ethernet)
+- [x] Connect to internet (wifi-menu or ethernet)
 
 ### Partitioning
-- [ ] List disks: `fdisk -l`
+- [x] List disks: `fdisk -l`
-- [ ] Create partitions (EFI, swap, root)
+- [x] Create partitions (EFI, swap, root)
-- [ ] Format partitions
+- [x] Format partitions
-- [ ] Mount filesystems
+- [x] Mount filesystems
 
 ### Base System Installation
 - [ ] Update package database: `pacman -Sy`
@@ -36,8 +36,10 @@
 
 ## Post-Installation Priorities
 - [ ] Install essential packages (git, base-devel)
+- [ ] Set up AUR access
+- [ ] Install Deskflow
 - [ ] Install and configure yadm: `pacman -S yadm`
 - [ ] Clone dotfiles: `yadm clone <your-dotfiles-repo>`
 - [ ] Install SSH server: `pacman -S openssh`
 - [ ] Enable SSH service: `systemctl enable sshd`
-- [ ] Configure firewall
+- [ ] Configure firewall

ssh-setup-guide.md

@@ -0,0 +1,191 @@
+# SSH Connection Setup Guide
+
+## On the Arch Linux ThinkPad (Server Side)
+
+### 1. Install and Enable SSH Server
+```bash
+# Install OpenSSH
+sudo pacman -S openssh
+
+# Enable and start SSH service
+sudo systemctl enable sshd
+sudo systemctl start sshd
+
+# Check if SSH is running
+sudo systemctl status sshd
+```
+
+### 2. Configure SSH Server
+```bash
+# Edit SSH configuration
+sudo nano /etc/ssh/sshd_config
+
+# Recommended security settings:
+# Port 22 (or change to custom port)
+# PermitRootLogin no
+# PasswordAuthentication yes (initially, then switch to key-based)
+# PubkeyAuthentication yes
+
+# Restart SSH after configuration changes
+sudo systemctl restart sshd
+```
+
+### 3. Get the ThinkPad's IP Address
+```bash
+# Find local IP address
+ip addr show
+# or
+hostname -I
+```
+
+### 4. Configure Firewall (if using ufw)
+```bash
+# Install and enable firewall
+sudo pacman -S ufw
+sudo ufw enable
+
+# Allow SSH connections
+sudo ufw allow ssh
+# or for custom port: sudo ufw allow 2222
+```
+
+## On WSL/Windows PC (Client Side)
+
+### 1. Generate SSH Key Pair (if not already done)
+```bash
+# Generate new SSH key
+ssh-keygen -t ed25519 -C "your-email@example.com"
+
+# Or use RSA if ed25519 not supported
+ssh-keygen -t rsa -b 4096 -C "your-email@example.com"
+
+# Keys will be saved to ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub
+```
+
+### 2. Copy Public Key to ThinkPad
+```bash
+# Method 1: Using ssh-copy-id (easiest)
+ssh-copy-id username@thinkpad-ip-address
+
+# Method 2: Manual copy
+cat ~/.ssh/id_ed25519.pub | ssh username@thinkpad-ip-address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
+
+# Method 3: SCP the key file
+scp ~/.ssh/id_ed25519.pub username@thinkpad-ip-address:~/.ssh/authorized_keys
+```
+
+### 3. Test SSH Connection
+```bash
+# Connect using password initially
+ssh username@thinkpad-ip-address
+
+# After key setup, should connect without password
+ssh username@thinkpad-ip-address
+```
+
+### 4. Create SSH Config for Easy Access
+```bash
+# Edit SSH config
+nano ~/.ssh/config
+
+# Add entry for ThinkPad
+Host thinkpad
+    HostName thinkpad-ip-address
+    User your-username
+    Port 22
+    IdentityFile ~/.ssh/id_ed25519
+
+# Now you can connect with: ssh thinkpad
+```
+
+## Security Hardening (After Key-Based Auth Works)
+
+### On ThinkPad:
+```bash
+# Edit SSH config to disable password authentication
+sudo nano /etc/ssh/sshd_config
+
+# Set these values:
+# PasswordAuthentication no
+# PermitEmptyPasswords no
+# ChallengeResponseAuthentication no
+
+# Restart SSH
+sudo systemctl restart sshd
+```
+
+## Setting Up Hostname Resolution
+
+### Method 1: Using /etc/hosts (Simple, Local Only)
+
+#### On WSL/Linux:
+```bash
+# Edit hosts file
+sudo nano /etc/hosts
+
+# Add entry for ThinkPad
+192.168.1.100  thinkpad
+192.168.1.100  thinkpad.local
+
+# Now you can use: ssh username@thinkpad
+```
+
+#### On Windows:
+```cmd
+# Edit hosts file (run as Administrator)
+notepad C:\Windows\System32\drivers\etc\hosts
+
+# Add the same entries:
+192.168.1.100  thinkpad
+192.168.1.100  thinkpad.local
+```
+
+### Method 2: Set Static Hostname on ThinkPad
+```bash
+# On ThinkPad, set a memorable hostname
+sudo hostnamectl set-hostname thinkpad
+
+# Edit /etc/hosts on ThinkPad to include itself
+sudo nano /etc/hosts
+# Add: 127.0.0.1  thinkpad thinkpad.local
+```
+
+### Method 3: Router-Level DNS (Best for Multiple Devices)
+- Access your router's admin panel (usually 192.168.1.1 or 192.168.0.1)
+- Look for "DHCP Reservations" or "Static IP" settings
+- Assign a static IP to ThinkPad's MAC address
+- Set hostname in router's DNS settings
+
+### Update SSH Config
+```bash
+# Update ~/.ssh/config to use hostname
+nano ~/.ssh/config
+
+Host thinkpad
+    HostName thinkpad  # or thinkpad.local
+    User your-username
+    Port 22
+    IdentityFile ~/.ssh/id_ed25519
+```
+
+## Troubleshooting
+
+### Common Issues:
+- **Connection refused**: Check if sshd is running, firewall allows SSH
+- **Permission denied**: Verify username/password, check authorized_keys permissions
+- **Key not working**: Ensure correct permissions on ~/.ssh (700) and authorized_keys (600)
+
+### Debug Commands:
+```bash
+# Check SSH service status
+sudo systemctl status sshd
+
+# View SSH logs
+sudo journalctl -u sshd
+
+# Test SSH config
+sudo sshd -t
+
+# Connect with verbose output
+ssh -v username@thinkpad-ip-address
+```