Fix SSH password auth for Ubuntu cloud VMs
- Add step to fix cloud-init drop-in file that disables password auth - Update doc paths in Post-Creation section - Password auth is default for Echo6 (all machines behind VPN) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
880ff09c90
commit
89834796ff
1 changed files with 16 additions and 10 deletions
|
|
@ -151,18 +151,25 @@ ssh zvx@$VM_IP 'sudo apt-get update && sudo apt-get install -y \
|
||||||
sudo'
|
sudo'
|
||||||
```
|
```
|
||||||
|
|
||||||
## Step 8 — SSH Keys
|
## Step 8 — Enable Password Authentication
|
||||||
|
|
||||||
|
Ubuntu cloud images default to key-only SSH via a drop-in config. Enable password auth since all machines are behind VPN/local network.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Copy authorized_keys from an existing node
|
# Fix the cloud-init drop-in that disables password auth
|
||||||
scp root@data:/home/zvx/.ssh/authorized_keys /tmp/ak 2>/dev/null \
|
ssh zvx@$VM_IP 'echo "PasswordAuthentication yes" | sudo tee /etc/ssh/sshd_config.d/60-cloudimg-settings.conf'
|
||||||
|| scp root@utility:/home/zvx/.ssh/authorized_keys /tmp/ak 2>/dev/null
|
|
||||||
|
|
||||||
scp /tmp/ak zvx@$VM_IP:~/.ssh/authorized_keys
|
# Also set in main config for completeness
|
||||||
ssh zvx@$VM_IP 'chmod 600 ~/.ssh/authorized_keys'
|
ssh zvx@$VM_IP 'sudo sed -i "s/^#*PasswordAuthentication.*/PasswordAuthentication yes/" /etc/ssh/sshd_config'
|
||||||
rm -f /tmp/ak
|
ssh zvx@$VM_IP 'sudo sed -i "s/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/" /etc/ssh/sshd_config'
|
||||||
|
ssh zvx@$VM_IP 'sudo systemctl restart ssh'
|
||||||
|
|
||||||
|
# Change the default password immediately
|
||||||
|
ssh zvx@$VM_IP 'passwd'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
**Important:** Password authentication is the default for Echo6 infrastructure. All machines are protected by VPN (Headscale/Tailscale) and local network — key-only auth creates unnecessary friction for multi-machine access.
|
||||||
|
|
||||||
## Step 9 — NVIDIA Drivers (if GPU passthrough)
|
## Step 9 — NVIDIA Drivers (if GPU passthrough)
|
||||||
|
|
||||||
Skip if `INSTALL_NVIDIA=no`.
|
Skip if `INSTALL_NVIDIA=no`.
|
||||||
|
|
@ -261,7 +268,6 @@ docker exec headscale-standby headscale nodes list
|
||||||
|
|
||||||
## Post-Creation
|
## Post-Creation
|
||||||
|
|
||||||
1. Update `~/.claude/docs/infrastructure/environment.md` with the new VM's IP and Tailscale IP
|
1. Update `/home/zvx/projects/.ref/docs/hardware/environment.md` with the new VM's IP and Tailscale IP
|
||||||
2. Update `~/.claude/docs/infrastructure/services.md` once services are deployed
|
2. Update `/home/zvx/projects/.ref/docs/services/services.md` once services are deployed
|
||||||
3. Remove the cloud image ISO if disk space is tight: `ssh root@$PVE_HOST 'rm /var/lib/vz/template/iso/noble-server-cloudimg-amd64.img'`
|
3. Remove the cloud image ISO if disk space is tight: `ssh root@$PVE_HOST 'rm /var/lib/vz/template/iso/noble-server-cloudimg-amd64.img'`
|
||||||
4. Change the default password: `ssh zvx@$VM_IP 'passwd'`
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue