cal/claude-home
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
df3d22b218
claude-home/patterns/networking/ssh-key-management.md
Cal Corum 704bad1547 CLAUDE: Add comprehensive SSH key management documentation 
- Add SSH key management patterns with dual-key strategy and NAS backup architecture
- Add complete SSH home lab setup implementation with scripts and configurations
- Add SSH troubleshooting reference with common issues and emergency procedures
- Update CLAUDE.md with SSH keyword triggers for automatic context loading
- Add .gitignore to exclude temporary files

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-08 21:02:46 -05:00

100 lines
3.2 KiB
Markdown
Raw Blame History

# SSH Key Management for Home Labs
## Overview
This document outlines best practices for managing SSH keys in home lab environments, focusing on security, reliability, and maintainability.
## Core Principles
### Dual-Key Strategy
- **Primary keys**: Daily use authentication
- **Emergency keys**: Backup access when primary keys fail
- **Separate key pairs**: Home network vs cloud servers
- **Multiple authorized keys**: Each server accepts both primary and emergency
### Key Lifecycle Management
- **Generation**: 4096-bit RSA keys with descriptive comments
- **Distribution**: Automated deployment with `ssh-copy-id`
- **Backup**: Centralized storage on NAS with recovery documentation
- **Rotation**: Annual for primary keys, bi-annual for emergency keys
- **Monitoring**: Monthly health checks and access verification
## Architecture Patterns
### Network Segmentation
```
Home Network (10.10.0.0/24)
├── Primary: ~/.ssh/homelab_rsa
├── Emergency: ~/.ssh/emergency_homelab_rsa
└── Wildcard config for easy access
Cloud Servers (Public IPs)
├── Primary: ~/.ssh/cloud_servers_rsa
├── Emergency: ~/.ssh/emergency_cloud_rsa
└── Individual host configurations
```
### Backup Strategy
```
NAS Storage: /mnt/NV2/ssh-keys/
├── backup-YYYYMMDD-HHMMSS/
│ ├── All key pairs (*.rsa, *.rsa.pub)
│ ├── SSH config
│ └── RECOVERY_INSTRUCTIONS.md
└── maintenance-YYYYMMDD-HHMMSS/
├── Current state backup
├── Key health report
└── MAINTENANCE_REPORT.md
```
## Security Considerations
### Authentication Methods
- **Eliminate password authentication** after key deployment
- **Use key-based authentication** exclusively
- **Deploy multiple keys** per server for redundancy
- **Maintain console access** as ultimate fallback
### Access Control
- **User-specific keys** (avoid root when possible)
- **Service-specific aliases** for organized access
- **Strict host key checking** for unknown servers
- **Accept-new policy** for trusted home network
### Key Protection
- **Proper file permissions** (600 for private keys)
- **No passphrase** for automation (home lab context)
- **Regular backup verification**
- **Secure storage location** on NAS
## Maintenance Practices
### Automated Monitoring
- **Monthly maintenance script** via cron
- **Key health verification**
- **Connection testing**
- **Backup rotation** (keep 10 most recent)
- **Age-based rotation alerts**
### Recovery Procedures
- **Emergency key deployment** for immediate access
- **NAS backup restoration** for complete recovery
- **Console access documentation** for worst-case scenarios
- **Provider web console** access for cloud servers
## Implementation Guidelines
1. **Start with key generation** using standardized naming
2. **Deploy primary keys first** and test thoroughly
3. **Add emergency keys** to all servers
4. **Configure SSH client** with aliases and settings
5. **Implement backup strategy** with NAS storage
6. **Schedule maintenance automation**
7. **Document recovery procedures**
8. **Test emergency access regularly**
## Related Documentation
- Implementation: `examples/networking/ssh-homelab-setup.md`
- Troubleshooting: `reference/networking/ssh-troubleshooting.md`
- Security patterns: `patterns/networking/security.md`
Reference in New Issue View Git Blame Copy Permalink