Sankofa/docs/proxmox/SSH_SETUP_WITH_ENV.md

SSH Setup Using .env Credentials

Last Updated: 2024-12-19

Current Situation

The .env file contains:

• ✅ Proxmox API Tokens: PROXMOX_TOKEN_ML110_01 and PROXMOX_TOKEN_R630_01
• ✅ Proxmox Root Password: PROXMOX_ROOT_PASS (found in .env)

Understanding the Difference

API Tokens vs SSH Password

• API Tokens: Used for Proxmox API authentication (already in .env)

  • Format: root@pam!token-id=token-secret
  • Used for: API calls, automation scripts
  • Cannot be used for SSH

• SSH Password: Used for SSH authentication (needed for key setup)

  • The root user's password on Proxmox nodes
  • Used for: SSH login, ssh-copy-id, initial key setup
  • Not currently in .env

Options for SSH Setup

Option 1: Use Existing Password in .env (Already Available!)

The .env file already contains:

PROXMOX_ROOT_PASS=L@KERS2010

Scripts have been updated to use PROXMOX_ROOT_PASS.

Then use the automated script:

# Install sshpass (if not installed)
sudo apt-get install sshpass

# Run automated setup
./scripts/setup-ssh-with-password.sh

Option 2: Manual SSH Key Copy (Interactive)

# This will prompt for password
ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.10
ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.11

Option 3: Use Existing SSH Keys

If you already have SSH access configured:

# Test existing access
ssh root@192.168.11.10 'hostname'
ssh root@192.168.11.11 'hostname'

# If working, copy the new key
ssh root@192.168.11.10 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/sankofa_proxmox.pub
ssh root@192.168.11.11 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < ~/.ssh/sankofa_proxmox.pub

Option 4: Use Proxmox Web UI

1. Log in to Proxmox Web UI: https://ml110-01.sankofa.nexus:8006
2. Go to: Datacenter → Nodes → ML110-01 → Shell
3. Run commands to add SSH key:

   mkdir -p ~/.ssh
   chmod 700 ~/.ssh
   echo "YOUR_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys
   chmod 600 ~/.ssh/authorized_keys
   

4. Repeat for R630-01

Recommended Approach

Step 1: Password Already in .env ✅

The .env file already contains PROXMOX_ROOT_PASS. Scripts are configured to use it.

Security Note: The .env file is in .gitignore, so it won't be committed. Ensure proper file permissions:

chmod 600 .env

Step 2: Install sshpass (for automation)

sudo apt-get install sshpass

Step 3: Run Automated Setup

./scripts/setup-ssh-with-password.sh

Current .env Contents

The .env file currently has:

• ✅ PROXMOX_TOKEN_ML110_01 - API token for ML110-01
• ✅ PROXMOX_TOKEN_R630_01 - API token for R630-01
• ✅ PROXMOX_USERNAME_ML110_01 - Username (root@pam)
• ✅ PROXMOX_USERNAME_R630_01 - Username (root@pam)
• ✅ PROXMOX_ROOT_PASS - Root password (for SSH) ✅

Quick Setup Commands

Password is Already in .env ✅

# Install sshpass (if not installed)
sudo apt-get install sshpass

# Run setup (uses PROXMOX_ROOT_PASS from .env)
./scripts/setup-ssh-with-password.sh

If Password is NOT Available

# Manual interactive copy (will prompt for password)
ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.10
ssh-copy-id -i ~/.ssh/sankofa_proxmox.pub root@192.168.11.11

# Or use Proxmox Web UI Shell to add key manually

Security Considerations

1. Password in .env:

   • ✅ File is in .gitignore (won't be committed)
   • ⚠️ Ensure file permissions: chmod 600 .env
   • ⚠️ Consider using SSH keys only (no password needed after initial setup)

2. After SSH Keys are Set Up:

   • You can remove password from .env if desired
   • SSH will work with keys only
   • More secure than password authentication

Verification

After setup, verify SSH works:

# Test ML110-01
ssh -i ~/.ssh/sankofa_proxmox root@192.168.11.10 'hostname'

# Test R630-01
ssh -i ~/.ssh/sankofa_proxmox root@192.168.11.11 'hostname'

Related Documentation

• Remaining Blockers Guide
• Blocker Priority Order
• Environment Variables