cal/claude-home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a900f9c744
claude-home/networking/examples/ssh-key-management.md
Cal Corum 10c9e0d854 CLAUDE: Migrate to technology-first documentation architecture 
Complete restructure from patterns/examples/reference to technology-focused directories:

• Created technology-specific directories with comprehensive documentation:
  - /tdarr/ - Transcoding automation with gaming-aware scheduling
  - /docker/ - Container management with GPU acceleration patterns
  - /vm-management/ - Virtual machine automation and cloud-init
  - /networking/ - SSH infrastructure, reverse proxy, and security
  - /monitoring/ - System health checks and Discord notifications
  - /databases/ - Database patterns and troubleshooting
  - /development/ - Programming language patterns (bash, nodejs, python, vuejs)

• Enhanced CLAUDE.md with intelligent context loading:
  - Technology-first loading rules for automatic context provision
  - Troubleshooting keyword triggers for emergency scenarios
  - Documentation maintenance protocols with automated reminders
  - Context window management for optimal documentation updates

• Preserved valuable content from .claude/tmp/:
  - SSH security improvements and server inventory
  - Tdarr CIFS troubleshooting and Docker iptables solutions
  - Operational scripts with proper technology classification

• Benefits achieved:
  - Self-contained technology directories with complete context
  - Automatic loading of relevant documentation based on keywords
  - Emergency-ready troubleshooting with comprehensive guides
  - Scalable structure for future technology additions
  - Eliminated context bloat through targeted loading

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-12 23:20:15 -05:00

3.2 KiB
Raw Blame History

SSH Key Management for Home Labs

Overview

This document outlines best practices for managing SSH keys in home lab environments, focusing on security, reliability, and maintainability.

Core Principles

Dual-Key Strategy

  • Primary keys: Daily use authentication
  • Emergency keys: Backup access when primary keys fail
  • Separate key pairs: Home network vs cloud servers
  • Multiple authorized keys: Each server accepts both primary and emergency

Key Lifecycle Management

  • Generation: 4096-bit RSA keys with descriptive comments
  • Distribution: Automated deployment with ssh-copy-id
  • Backup: Centralized storage on NAS with recovery documentation
  • Rotation: Annual for primary keys, bi-annual for emergency keys
  • Monitoring: Monthly health checks and access verification

Architecture Patterns

Network Segmentation

Home Network (10.10.0.0/24)
├── Primary: ~/.ssh/homelab_rsa
├── Emergency: ~/.ssh/emergency_homelab_rsa
└── Wildcard config for easy access

Cloud Servers (Public IPs)
├── Primary: ~/.ssh/cloud_servers_rsa
├── Emergency: ~/.ssh/emergency_cloud_rsa
└── Individual host configurations

Backup Strategy

NAS Storage: /mnt/NV2/ssh-keys/
├── backup-YYYYMMDD-HHMMSS/
│   ├── All key pairs (*.rsa, *.rsa.pub)
│   ├── SSH config
│   └── RECOVERY_INSTRUCTIONS.md
└── maintenance-YYYYMMDD-HHMMSS/
    ├── Current state backup
    ├── Key health report
    └── MAINTENANCE_REPORT.md

Security Considerations

Authentication Methods

  • Eliminate password authentication after key deployment
  • Use key-based authentication exclusively
  • Deploy multiple keys per server for redundancy
  • Maintain console access as ultimate fallback

Access Control

  • User-specific keys (avoid root when possible)
  • Service-specific aliases for organized access
  • Strict host key checking for unknown servers
  • Accept-new policy for trusted home network

Key Protection

  • Proper file permissions (600 for private keys)
  • No passphrase for automation (home lab context)
  • Regular backup verification
  • Secure storage location on NAS

Maintenance Practices

Automated Monitoring

  • Monthly maintenance script via cron
  • Key health verification
  • Connection testing
  • Backup rotation (keep 10 most recent)
  • Age-based rotation alerts

Recovery Procedures

  • Emergency key deployment for immediate access
  • NAS backup restoration for complete recovery
  • Console access documentation for worst-case scenarios
  • Provider web console access for cloud servers

Implementation Guidelines

  1. Start with key generation using standardized naming
  2. Deploy primary keys first and test thoroughly
  3. Add emergency keys to all servers
  4. Configure SSH client with aliases and settings
  5. Implement backup strategy with NAS storage
  6. Schedule maintenance automation
  7. Document recovery procedures
  8. Test emergency access regularly

Related Documentation

  • Implementation: examples/networking/ssh-homelab-setup.md
  • Troubleshooting: reference/networking/ssh-troubleshooting.md
  • Security patterns: patterns/networking/security.md