# SSH Setup Using .env Credentials **Last Updated**: 2024-12-19 ## Current Situation The `.env` file contains: - ✅ **Proxmox API Tokens**: `PROXMOX_TOKEN_ML110_01` and `PROXMOX_TOKEN_R630_01` - ✅ **Proxmox Root Password**: `PROXMOX_ROOT_PASS` (found in .env) ## Understanding the Difference ### API Tokens vs SSH Password - **API Tokens**: Used for Proxmox API authentication (already in `.env`) - Format: `root@pam!token-id=token-secret` - Used for: API calls, automation scripts - **Cannot be used for SSH** - **SSH Password**: Used for SSH authentication (needed for key setup) - The root user's password on Proxmox nodes - Used for: SSH login, `ssh-copy-id`, initial key setup - **Not currently in `.env`** ## Options for SSH Setup ### Option 1: Use Existing Password in .env (Already Available!) The `.env` file already contains: ```bash PROXMOX_ROOT_PASS=L@KERS2010 ``` Scripts have been updated to use `PROXMOX_ROOT_PASS`. Then use the automated script: ```bash # Install sshpass (if not installed) sudo apt-get install sshpass # Run automated setup ./scripts/setup-ssh-with-password.sh ``` ### Option 2: Manual SSH Key Copy (Interactive) ```bash # This will prompt for password ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.10 ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.11 ``` ### Option 3: Use Existing SSH Keys If you already have SSH access configured: ```bash # Test existing access ssh root@192.168.11.10 'hostname' ssh root@192.168.11.11 'hostname' # If working, copy the new key ssh root@192.168.11.10 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/sankofa_proxmox.pub ssh root@192.168.11.11 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/sankofa_proxmox.pub ``` ### Option 4: Use Proxmox Web UI 1. Log in to Proxmox Web UI: https://ml110-01.sankofa.nexus:8006 2. Go to: **Datacenter** → **Nodes** → **ML110-01** → **Shell** 3. Run commands to add SSH key: ```bash mkdir -p ~/.ssh chmod 700 ~/.ssh echo "YOUR_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys ``` 4. Repeat for R630-01 ## Recommended Approach ### Step 1: Password Already in .env ✅ The `.env` file already contains `PROXMOX_ROOT_PASS`. Scripts are configured to use it. **Security Note**: The `.env` file is in `.gitignore`, so it won't be committed. Ensure proper file permissions: ```bash chmod 600 .env ``` ### Step 2: Install sshpass (for automation) ```bash sudo apt-get install sshpass ``` ### Step 3: Run Automated Setup ```bash ./scripts/setup-ssh-with-password.sh ``` ## Current .env Contents The `.env` file currently has: - ✅ `PROXMOX_TOKEN_ML110_01` - API token for ML110-01 - ✅ `PROXMOX_TOKEN_R630_01` - API token for R630-01 - ✅ `PROXMOX_USERNAME_ML110_01` - Username (root@pam) - ✅ `PROXMOX_USERNAME_R630_01` - Username (root@pam) - ✅ `PROXMOX_ROOT_PASS` - **Root password** (for SSH) ✅ ## Quick Setup Commands ### Password is Already in .env ✅ ```bash # Install sshpass (if not installed) sudo apt-get install sshpass # Run setup (uses PROXMOX_ROOT_PASS from .env) ./scripts/setup-ssh-with-password.sh ``` ### If Password is NOT Available ```bash # Manual interactive copy (will prompt for password) ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.10 ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.11 # Or use Proxmox Web UI Shell to add key manually ``` ## Security Considerations 1. **Password in .env**: - ✅ File is in `.gitignore` (won't be committed) - ⚠️ Ensure file permissions: `chmod 600 .env` - ⚠️ Consider using SSH keys only (no password needed after initial setup) 2. **After SSH Keys are Set Up**: - You can remove password from `.env` if desired - SSH will work with keys only - More secure than password authentication ## Verification After setup, verify SSH works: ```bash # Test ML110-01 ssh -i ~/.ssh/sankofa_proxmox root@192.168.11.10 'hostname' # Test R630-01 ssh -i ~/.ssh/sankofa_proxmox root@192.168.11.11 'hostname' ``` ## Related Documentation - [Remaining Blockers Guide](./REMAINING_BLOCKERS_GUIDE.md) - [Blocker Priority Order](./BLOCKER_PRIORITY_ORDER.md) - [Environment Variables](./ENVIRONMENT_VARIABLES.md)