# SSH Connection Setup Guide

## On the Arch Linux ThinkPad (Server Side)

### 1. Install and Enable SSH Server

```bash
# Install OpenSSH
sudo pacman -S openssh

# Enable and start SSH service
sudo systemctl enable sshd
sudo systemctl start sshd

# Check if SSH is running
sudo systemctl status sshd
```

### 2. Configure SSH Server

```bash
# Edit SSH configuration
sudo nano /etc/ssh/sshd_config

# Recommended security settings:
# Port 22 (or change to custom port)
# PermitRootLogin no
# PasswordAuthentication yes (initially, then switch to key-based)
# PubkeyAuthentication yes

# Restart SSH after configuration changes
sudo systemctl restart sshd
```

### 3. Get the ThinkPad's IP Address

```bash
# Find local IP address
ip addr show
# or
hostname -I
```

### 4. Configure Firewall (if using ufw)

```bash
# Install and enable firewall
sudo pacman -S ufw
sudo ufw enable

# Allow SSH connections
sudo ufw allow ssh
# or for custom port:
sudo ufw allow 2222
```

## On WSL/Windows PC (Client Side)

### 1. Generate SSH Key Pair (if not already done)

```bash
# Generate new SSH key
ssh-keygen -t ed25519 -C "your-email@example.com"

# Or use RSA if ed25519 not supported
ssh-keygen -t rsa -b 4096 -C "your-email@example.com"

# Keys will be saved to ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub
# (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub if you generated an RSA key)
```

### 2. Copy Public Key to ThinkPad

```bash
# Method 1: Using ssh-copy-id (easiest)
ssh-copy-id username@thinkpad-ip-address

# Method 2: Manual copy (appends the key and sets the permissions sshd expects)
cat ~/.ssh/id_ed25519.pub | ssh username@thinkpad-ip-address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

# Method 3: SCP the key file
# Note: this overwrites any existing authorized_keys on the ThinkPad,
# and ~/.ssh must already exist there
scp ~/.ssh/id_ed25519.pub username@thinkpad-ip-address:~/.ssh/authorized_keys
```

### 3. Test SSH Connection

```bash
# Connect using password initially
ssh username@thinkpad-ip-address

# After key setup, should connect without password
ssh username@thinkpad-ip-address
```

### 4. Create SSH Config for Easy Access

```bash
# Edit SSH config
nano ~/.ssh/config
```

Add an entry for the ThinkPad:

```
Host thinkpad
    HostName thinkpad-ip-address
    User your-username
    Port 22
    IdentityFile ~/.ssh/id_ed25519
```

```bash
# Now you can connect with:
ssh thinkpad
```

## Security Hardening (After Key-Based Auth Works)

### On ThinkPad:

```bash
# Edit SSH config to disable password authentication
sudo nano /etc/ssh/sshd_config

# Basic hardening settings:
# PasswordAuthentication no
# PermitEmptyPasswords no
# ChallengeResponseAuthentication no   (deprecated alias of KbdInteractiveAuthentication since OpenSSH 8.7)
# PermitRootLogin no
# Protocol 2                           (deprecated; current OpenSSH only supports protocol 2)

# Advanced hardening (optional):
# Port 2222                 # Change from default port 22
# MaxAuthTries 3
# ClientAliveInterval 300
# ClientAliveCountMax 2
# AllowUsers your-username  # Restrict to specific users

# Validate the config first; a syntax error would stop sshd from starting
sudo sshd -t

# Restart SSH (keep your current session open and test a new login before closing it)
sudo systemctl restart sshd
```

### Additional Security Steps:

- [ ] **Change SSH port**: Edit `Port 22` to custom port (e.g., `Port 2222`)
- [ ] **Install fail2ban**: `sudo pacman -S fail2ban && sudo systemctl enable fail2ban`
- [ ] **Configure firewall**: Update ufw rules for new SSH port if changed
- [ ] **Set up dynamic DNS**: For remote access (DuckDNS, No-IP, Cloudflare)
- [ ] **Consider VPN**: For secure remote access instead of exposing SSH

## Setting Up Hostname Resolution

### Method 1: Using /etc/hosts (Simple, Local Only)

#### On WSL/Linux:

```bash
# Edit hosts file
sudo nano /etc/hosts
```

Add entries for the ThinkPad:

```
192.168.1.100 thinkpad
192.168.1.100 thinkpad.local
```

```bash
# Now you can use:
ssh username@thinkpad
```

#### On Windows:

```cmd
REM Edit hosts file (run as Administrator)
notepad C:\Windows\System32\drivers\etc\hosts
```

Add the same entries:

```
192.168.1.100 thinkpad
192.168.1.100 thinkpad.local
```

### Method 2: Set Static Hostname on ThinkPad

```bash
# On ThinkPad, set a memorable hostname
sudo hostnamectl set-hostname thinkpad

# Edit /etc/hosts on ThinkPad to include itself
sudo nano /etc/hosts
```

Add:

```
127.0.0.1 thinkpad thinkpad.local
```

### Method 3: Router-Level DNS (Best for Multiple Devices)

- Access your router's admin panel (usually 192.168.1.1 or 192.168.0.1)
- Look for "DHCP Reservations" or "Static IP" settings
- Assign a static IP to ThinkPad's MAC address
- Set hostname in router's DNS settings

### Update SSH Config

```bash
# Update ~/.ssh/config to use hostname
nano ~/.ssh/config
```

```
Host thinkpad
    # HostName can be thinkpad or thinkpad.local
    HostName thinkpad
    User your-username
    Port 22
    IdentityFile ~/.ssh/id_ed25519
```

## Troubleshooting

### Common Issues:

- **Connection refused**: Check if sshd is running, firewall allows SSH
- **Permission denied**: Verify username/password, check authorized_keys permissions
- **Key not working**: Ensure correct permissions on ~/.ssh (700) and authorized_keys (600)

### Debug Commands:

```bash
# Check SSH service status
sudo systemctl status sshd

# View SSH logs
sudo journalctl -u sshd

# Test SSH config
sudo sshd -t

# Connect with verbose output
ssh -v username@thinkpad-ip-address
```
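
To confirm that the values from the Security Hardening section are actually in effect, the script below is an added example (not part of the original guide) that audits `sshd -T` output or a raw `sshd_config` read on stdin. The names `audit_sshd` and `sample_config` and the sample config are constructed for illustration, and only the global section before the first `Match` block is checked.

```shell
#!/bin/sh
# Added example: audit sshd settings against this guide's hardening values.
# Input on stdin: "Keyword value" lines (sshd -T output or a raw sshd_config).
audit_sshd() {
  awk '
    BEGIN {   # target values from the Security Hardening section
      k[1] = "passwordauthentication"; w[1] = "no"
      k[2] = "permitemptypasswords";   w[2] = "no"
      k[3] = "permitrootlogin";        w[3] = "no"
      k[4] = "pubkeyauthentication";   w[4] = "yes"
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      gsub(/"/, ""); sub(/=/, " ")           # accept Keyword="value" forms
      key = tolower($1)                      # keywords are case-insensitive
      if (key == "match") exit               # stop at first conditional block
      if (!(key in seen)) seen[key] = $2     # sshd keeps the first value seen
    }
    END {
      for (i = 1; i <= 4; i++) {
        if (!(k[i] in seen)) { print "UNSET " k[i] " (want " w[i] ")"; bad++ }
        else if (seen[k[i]] != w[i]) { print "FAIL " k[i] " " seen[k[i]] " (want " w[i] ")"; bad++ }
      }
      if (("maxauthtries" in seen) && seen["maxauthtries"] + 0 > 3) {
        print "FAIL maxauthtries " seen["maxauthtries"] " (want <= 3)"; bad++
      }
      exit (bad > 0)                         # non-zero status if any finding
    }
  '
}

# Constructed sample input, not taken from a real host.
sample_config() {
  cat <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
# a later duplicate is ignored by sshd: the first value wins
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 6
Match User backup
    PermitRootLogin yes
EOF
}

# Demo run on the constructed sample; prints three findings.
sample_config | audit_sshd || echo "hardening incomplete"
```

On the ThinkPad, `sudo sshd -T | audit_sshd` audits the effective configuration, which also covers settings pulled in through `Include` files.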