docs/proxmox/SSH_SETUP_WITH_ENV.md

# SSH Setup Using .env Credentials

**Last Updated**: 2024-12-19

## Current Situation

The `.env` file contains:
- ✅ **Proxmox API Tokens**: `PROXMOX_TOKEN_ML110_01` and `PROXMOX_TOKEN_R630_01`
- ✅ **Proxmox Root Password**: `PROXMOX_ROOT_PASS` (found in .env)

## Understanding the Difference

### API Tokens vs SSH Password

- **API Tokens**: Used for Proxmox API authentication (already in `.env`)
  - Format: `root@pam!token-id=token-secret`
  - Used for: API calls, automation scripts
  - **Cannot be used for SSH**

- **SSH Password**: Used for SSH authentication (needed for key setup)
  - The root user's password on Proxmox nodes
  - Used for: SSH login, `ssh-copy-id`, initial key setup
  - **Not currently in `.env`**

## Options for SSH Setup

### Option 1: Use Existing Password in .env (Already Available!)

The `.env` file already contains:
```bash
PROXMOX_ROOT_PASS=L@KERS2010
```

Scripts have been updated to use `PROXMOX_ROOT_PASS`.

Then use the automated script:
```bash
# Install sshpass (if not installed)
sudo apt-get install sshpass

# Run automated setup
./scripts/setup-ssh-with-password.sh
```

### Option 2: Manual SSH Key Copy (Interactive)

```bash
# This will prompt for password
ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.10
ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.11
```

### Option 3: Use Existing SSH Keys

If you already have SSH access configured:
```bash
# Test existing access
ssh root@192.168.11.10 'hostname'
ssh root@192.168.11.11 'hostname'

# If working, copy the new key
ssh root@192.168.11.10 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/sankofa_proxmox.pub
ssh root@192.168.11.11 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/sankofa_proxmox.pub
```

### Option 4: Use Proxmox Web UI

1. Log in to Proxmox Web UI: https://ml110-01.sankofa.nexus:8006
2. Go to: **Datacenter** → **Nodes** → **ML110-01** → **Shell**
3. Run commands to add SSH key:
   ```bash
   mkdir -p ~/.ssh
   chmod 700 ~/.ssh
   echo "YOUR_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys
   chmod 600 ~/.ssh/authorized_keys
   ```
4. Repeat for R630-01

## Recommended Approach

### Step 1: Password Already in .env ✅

The `.env` file already contains `PROXMOX_ROOT_PASS`. Scripts are configured to use it.

**Security Note**: The `.env` file is in `.gitignore`, so it won't be committed. Ensure proper file permissions:
```bash
chmod 600 .env
```

### Step 2: Install sshpass (for automation)

```bash
sudo apt-get install sshpass
```

### Step 3: Run Automated Setup

```bash
./scripts/setup-ssh-with-password.sh
```

## Current .env Contents

The `.env` file currently has:
- ✅ `PROXMOX_TOKEN_ML110_01` - API token for ML110-01
- ✅ `PROXMOX_TOKEN_R630_01` - API token for R630-01
- ✅ `PROXMOX_USERNAME_ML110_01` - Username (root@pam)
- ✅ `PROXMOX_USERNAME_R630_01` - Username (root@pam)
- ✅ `PROXMOX_ROOT_PASS` - **Root password** (for SSH) ✅

## Quick Setup Commands

### Password is Already in .env ✅

```bash
# Install sshpass (if not installed)
sudo apt-get install sshpass

# Run setup (uses PROXMOX_ROOT_PASS from .env)
./scripts/setup-ssh-with-password.sh
```

### If Password is NOT Available

```bash
# Manual interactive copy (will prompt for password)
ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.10
ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.11

# Or use Proxmox Web UI Shell to add key manually
```

## Security Considerations

1. **Password in .env**: 
   - ✅ File is in `.gitignore` (won't be committed)
   - ⚠️ Ensure file permissions: `chmod 600 .env`
   - ⚠️ Consider using SSH keys only (no password needed after initial setup)

2. **After SSH Keys are Set Up**:
   - You can remove password from `.env` if desired
   - SSH will work with keys only
   - More secure than password authentication

## Verification

After setup, verify SSH works:

```bash
# Test ML110-01
ssh -i ~/.ssh/sankofa_proxmox root@192.168.11.10 'hostname'

# Test R630-01
ssh -i ~/.ssh/sankofa_proxmox root@192.168.11.11 'hostname'
```

## Related Documentation

- [Remaining Blockers Guide](./REMAINING_BLOCKERS_GUIDE.md)
- [Blocker Priority Order](./BLOCKER_PRIORITY_ORDER.md)
- [Environment Variables](./ENVIRONMENT_VARIABLES.md)
Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements - Add comprehensive database migrations (001-024) for schema evolution - Enhance API schema with expanded type definitions and resolvers - Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth - Implement new services: AI optimization, billing, blockchain, compliance, marketplace - Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage) - Update Crossplane provider with enhanced VM management capabilities - Add comprehensive test suite for API endpoints and services - Update frontend components with improved GraphQL subscriptions and real-time updates - Enhance security configurations and headers (CSP, CORS, etc.) - Update documentation and configuration files - Add new CI/CD workflows and validation scripts - Implement design system improvements and UI enhancements 2025-12-12 18:01:35 -08:00			`# SSH Setup Using .env Credentials`

			`Last Updated: 2024-12-19`

			`## Current Situation`

			The `.env` file contains:
			- ✅ Proxmox API Tokens: `PROXMOX_TOKEN_ML110_01` and `PROXMOX_TOKEN_R630_01`
			- ✅ Proxmox Root Password: `PROXMOX_ROOT_PASS` (found in .env)

			`## Understanding the Difference`

			`### API Tokens vs SSH Password`

			- API Tokens: Used for Proxmox API authentication (already in `.env`)
			- Format: `root@pam!token-id=token-secret`
			`- Used for: API calls, automation scripts`
			`- Cannot be used for SSH`

			`- SSH Password: Used for SSH authentication (needed for key setup)`
			`- The root user's password on Proxmox nodes`
			- Used for: SSH login, `ssh-copy-id`, initial key setup
			- Not currently in `.env`

			`## Options for SSH Setup`

			`### Option 1: Use Existing Password in .env (Already Available!)`

			The `.env` file already contains:
			```bash
			`PROXMOX_ROOT_PASS=L@KERS2010`
			```

			Scripts have been updated to use `PROXMOX_ROOT_PASS`.

			`Then use the automated script:`
			```bash
			`# Install sshpass (if not installed)`
			`sudo apt-get install sshpass`

			`# Run automated setup`
			`./scripts/setup-ssh-with-password.sh`
			```

			`### Option 2: Manual SSH Key Copy (Interactive)`

			```bash
			`# This will prompt for password`
			`ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.10`
			`ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.11`
			```

			`### Option 3: Use Existing SSH Keys`

			`If you already have SSH access configured:`
			```bash
			`# Test existing access`
			`ssh root@192.168.11.10 'hostname'`
			`ssh root@192.168.11.11 'hostname'`

			`# If working, copy the new key`
			`ssh root@192.168.11.10 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/sankofa_proxmox.pub`
			`ssh root@192.168.11.11 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/sankofa_proxmox.pub`
			```

			`### Option 4: Use Proxmox Web UI`

			`1. Log in to Proxmox Web UI: https://ml110-01.sankofa.nexus:8006`
			`2. Go to: Datacenter → Nodes → ML110-01 → Shell`
			`3. Run commands to add SSH key:`
			```bash
			`mkdir -p ~/.ssh`
			`chmod 700 ~/.ssh`
			`echo "YOUR_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys`
			`chmod 600 ~/.ssh/authorized_keys`
			```
			`4. Repeat for R630-01`

			`## Recommended Approach`

			`### Step 1: Password Already in .env ✅`

			The `.env` file already contains `PROXMOX_ROOT_PASS`. Scripts are configured to use it.

			Security Note: The `.env` file is in `.gitignore`, so it won't be committed. Ensure proper file permissions:
			```bash
			`chmod 600 .env`
			```

			`### Step 2: Install sshpass (for automation)`

			```bash
			`sudo apt-get install sshpass`
			```

			`### Step 3: Run Automated Setup`

			```bash
			`./scripts/setup-ssh-with-password.sh`
			```

			`## Current .env Contents`

			The `.env` file currently has:
			- ✅ `PROXMOX_TOKEN_ML110_01` - API token for ML110-01
			- ✅ `PROXMOX_TOKEN_R630_01` - API token for R630-01
			- ✅ `PROXMOX_USERNAME_ML110_01` - Username (root@pam)
			- ✅ `PROXMOX_USERNAME_R630_01` - Username (root@pam)
			- ✅ `PROXMOX_ROOT_PASS` - Root password (for SSH) ✅

			`## Quick Setup Commands`

			`### Password is Already in .env ✅`

			```bash
			`# Install sshpass (if not installed)`
			`sudo apt-get install sshpass`

			`# Run setup (uses PROXMOX_ROOT_PASS from .env)`
			`./scripts/setup-ssh-with-password.sh`
			```

			`### If Password is NOT Available`

			```bash
			`# Manual interactive copy (will prompt for password)`
			`ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.10`
			`ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.11`

			`# Or use Proxmox Web UI Shell to add key manually`
			```

			`## Security Considerations`

			`1. Password in .env:`
			- ✅ File is in `.gitignore` (won't be committed)
			- ⚠️ Ensure file permissions: `chmod 600 .env`
			`- ⚠️ Consider using SSH keys only (no password needed after initial setup)`

			`2. After SSH Keys are Set Up:`
			- You can remove password from `.env` if desired
			`- SSH will work with keys only`
			`- More secure than password authentication`

			`## Verification`

			`After setup, verify SSH works:`

			```bash
			`# Test ML110-01`
			`ssh -i ~/.ssh/sankofa_proxmox root@192.168.11.10 'hostname'`

			`# Test R630-01`
			`ssh -i ~/.ssh/sankofa_proxmox root@192.168.11.11 'hostname'`
			```

			`## Related Documentation`

			`- [Remaining Blockers Guide](./REMAINING_BLOCKERS_GUIDE.md)`
			`- [Blocker Priority Order](./BLOCKER_PRIORITY_ORDER.md)`
			`- [Environment Variables](./ENVIRONMENT_VARIABLES.md)`