{"id":26364954,"url":"https://github.com/kaalpanikh/ssh-remote-server-setup","last_synced_at":"2025-10-13T20:04:56.411Z","repository":{"id":275738980,"uuid":"927033130","full_name":"kaalpanikh/ssh-remote-server-setup","owner":"kaalpanikh","description":"Automated SSH remote server setup with secure key-based authentication and configuration.","archived":false,"fork":false,"pushed_at":"2025-03-03T11:32:37.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-03T11:35:17.974Z","etag":null,"topics":["automation","linux","remote-server","security","setup","ssh"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kaalpanikh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-04T09:41:16.000Z","updated_at":"2025-03-03T11:32:41.000Z","dependencies_parsed_at":"2025-02-04T10:40:52.644Z","dependency_job_id":null,"html_url":"https://github.com/kaalpanikh/ssh-remote-server-setup","commit_stats":null,"previous_names":["kaalpanikh/ssh-remote-server-setup"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaalpanikh%2Fssh-remote-server-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaalpanikh%2Fssh-remote-server-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaalpanikh%2Fssh-remote-server-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaalpanikh%2Fssh-remote-server-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kaalpanikh","download_url":"https://codeload.github.com/kaalpanikh/ssh-remote-server-setup/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243919318,"owners_count":20368867,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","linux","remote-server","security","setup","ssh"],"created_at":"2025-03-16T19:28:48.017Z","updated_at":"2025-10-13T20:04:51.373Z","avatar_url":"https://github.com/kaalpanikh.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# SSH Remote Server Setup\n\nThis project demonstrates how to set up a remote Linux server on AWS (using Amazon Linux), configure SSH access with two distinct SSH key pairs, and secure your server with optional tools such as fail2ban. The goal is to learn and practice basic server provisioning, SSH key management, and security best practices.\n\n**Project Page:** [SSH Remote Server Setup Project](https://roadmap.sh/projects/ssh-remote-server-setup)\n\n## Table of Contents\n\n- [Overview](#overview)\n- [Prerequisites](#prerequisites)\n- [Project Steps](#project-steps)\n - [1. Provisioning the Server](#1-provisioning-the-server)\n - [2. Generating SSH Key Pairs](#2-generating-ssh-key-pairs)\n - [3. Configuring the Server](#3-configuring-the-server)\n - [4. Configuring the Local SSH Client](#4-configuring-the-local-ssh-client)\n - [5. Securing the Server with fail2ban (Optional)](#5-securing-the-server-with-fail2ban-optional)\n- [Testing the Setup](#testing-the-setup)\n- [Notes \u0026 Best Practices](#notes--best-practices)\n- [References](#references)\n\n## Overview\n\nThis project walks you through:\n- Launching an EC2 instance with Amazon Linux.\n- Generating two SSH key pairs and adding their public keys to the server.\n- Configuring your local SSH client for simplified access using an alias.\n- (Optional) Installing and configuring fail2ban to prevent brute force attacks.\n\nBy completing this project, you gain practical experience in secure server administration and remote access configuration.\n\n### Project Architecture\n\n```mermaid\ngraph TD\n subgraph \"AWS Cloud\"\n EC2[\"Amazon Linux EC2 Instance\"]\n SG[\"Security Group\"]\n end\n \n subgraph \"Local Machine\"\n Key1[\"SSH Key Pair 1\"]\n Key2[\"SSH Key Pair 2\"] \n Config[\"SSH Config File\"]\n Client[\"SSH Client\"]\n end\n \n SG --\u003e|\"Allows Port 22\"| EC2\n Key1 --\u003e|\"Public Key\"| EC2\n Key2 --\u003e|\"Public Key\"| EC2\n Client --\u003e|\"SSH Connection\"| EC2\n Config --\u003e|\"Configures\"| Client\n\n style EC2 fill:#f9f,stroke:#333,stroke-width:2px\n style SG fill:#bbf,stroke:#333,stroke-width:1px\n style Key1 fill:#bfb,stroke:#333,stroke-width:1px\n style Key2 fill:#bfb,stroke:#333,stroke-width:1px\n```\n\n## Prerequisites\n\n- An AWS account.\n- Basic knowledge of Linux commands and SSH.\n- An SSH client installed on your local machine.\n- (Optional) AWS CLI for managing your AWS resources.\n\n## Project Steps\n\n### 1. Provisioning the Server\n\n```mermaid\nsequenceDiagram\n participant User\n participant AWS as AWS Console\n participant EC2 as EC2 Instance\n \n User-\u003e\u003eAWS: Create EC2 Instance\n AWS-\u003e\u003eEC2: Launch Amazon Linux\n AWS-\u003e\u003eEC2: Configure Security Group\n AWS-\u003e\u003eUser: Provide Initial Key Pair\n User-\u003e\u003eEC2: Initial SSH Connection\n Note over User,EC2: Using AWS-provided key pair\n```\n\n1. **Launch an EC2 Instance:**\n - **AMI:** Use Amazon Linux.\n - **Instance Type:** Select a t2.micro (free tier eligible).\n - **Security Group:** Open port 22 for SSH access (consider restricting the source IP).\n - **Key Pair for Initial Connection:** Use an AWS-provided key pair for your first login.\n\n2. **Initial Connection:**\n Connect to your instance using your AWS key pair. For example:\n ```bash\n ssh -i ~/.ssh/aws_key.pem ec2-user@34.207.140.198\n ```\n Replace `34.207.140.164` with your instance's public IP address.\n\n### 2. Generating SSH Key Pairs\n\n```mermaid\ngraph LR\n A[\"ssh-keygen command\"] --\u003e B[\"~/.ssh/my_first_key (Private)\"]\n A --\u003e C[\"~/.ssh/my_first_key.pub (Public)\"]\n A --\u003e D[\"~/.ssh/my_second_key (Private)\"]\n A --\u003e E[\"~/.ssh/my_second_key.pub (Public)\"]\n \n C --\u003e|\"Copy to server\"| F[\"~/.ssh/authorized_keys on server\"]\n E --\u003e|\"Copy to server\"| F\n \n style B fill:#f96,stroke:#333\n style D fill:#f96,stroke:#333\n style C fill:#9f6,stroke:#333\n style E fill:#9f6,stroke:#333\n style F fill:#69f,stroke:#333\n```\n\nGenerate two new SSH key pairs (separate from the AWS key):\n\n```bash\nssh-keygen -t rsa -b 4096 -f ~/.ssh/my_first_key -C \"first-key\"\nssh-keygen -t rsa -b 4096 -f ~/.ssh/my_second_key -C \"second-key\"\n```\n\n- **Note:** Keep your private keys secure and never commit them to a public repository.\n\n### 3. Configuring the Server\n\n1. **Add the Public Keys:**\n - Copy the contents of `~/.ssh/my_first_key.pub` and `~/.ssh/my_second_key.pub` from your local machine.\n - On the server, append these to the `~/.ssh/authorized_keys` file:\n ```bash\n nano ~/.ssh/authorized_keys\n ```\n Paste each key on a new line, then save and exit.\n\n2. **Set Correct Permissions:**\n ```bash\n chmod 700 ~/.ssh\n chmod 600 ~/.ssh/authorized_keys\n ```\n\n### 4. Configuring the Local SSH Client\n\n```mermaid\ngraph LR\n A[\"~/.ssh/config file\"] --\u003e|\"Contains\"| B[\"Host alias configuration\"]\n B --\u003e|\"Specifies\"| C[\"Connection details\"]\n C --\u003e|\"Includes\"| D[\"HostName (IP)\"]\n C --\u003e|\"Includes\"| E[\"User\"]\n C --\u003e|\"Includes\"| F[\"IdentityFile paths\"]\n \n G[\"ssh roadmapsh-test-server command\"] --\u003e|\"Uses\"| A\n G --\u003e|\"Connects to\"| H[\"Remote Server\"]\n \n style A fill:#bbf,stroke:#333\n style G fill:#bfb,stroke:#333\n style H fill:#f9f,stroke:#333\n```\n\nCreate or update your `~/.ssh/config` file with an alias for easy access. For example:\n\n```sshconfig\nHost roadmapsh-test-server\n HostName 34.207.196.064 # Replace with your instance's public IP\n User ec2-user # Adjust if your username is different (e.g., ubuntu)\n IdentityFile ~/.ssh/my_first_key\n IdentityFile ~/.ssh/my_second_key\n```\n\nNow, you can connect with a simple command:\n```bash\nssh roadmapsh-test-server\n```\n\n### 5. Securing the Server with fail2ban (Optional)\n\n```mermaid\nflowchart TD\n A[\"Install fail2ban\"] --\u003e B[\"Copy jail.conf to jail.local\"]\n B --\u003e C[\"Edit jail.local\"]\n C --\u003e D[\"Enable sshd jail\"]\n D --\u003e E[\"Restart fail2ban\"]\n E --\u003e F[\"Check status\"]\n \n G[\"SSH Brute Force Attempt\"] --\u003e|\"Blocked after 3 failures\"| H[\"fail2ban\"]\n H --\u003e|\"Updates\"| I[\"iptables rules\"]\n I --\u003e|\"Blocks\"| G\n \n style G fill:#f66,stroke:#333\n style H fill:#bbf,stroke:#333\n style I fill:#9f6,stroke:#333\n```\n\n1. **Update the Server:**\n ```bash\n sudo yum update -y\n ```\n\n2. **Install fail2ban:**\n ```bash\n sudo yum install fail2ban -y\n ```\n\n3. **Configure fail2ban:**\n - Copy the default configuration file:\n ```bash\n sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local\n ```\n - Edit `/etc/fail2ban/jail.local` to ensure the `[sshd]` section is enabled:\n ```ini\n [sshd]\n enabled = true\n port = ssh\n filter = sshd\n logpath = /var/log/secure # For Amazon Linux\n maxretry = 3\n ```\n\n4. **Restart fail2ban:**\n ```bash\n sudo systemctl restart fail2ban\n ```\n\n5. **Verify Status:**\n ```bash\n sudo fail2ban-client status sshd\n ```\n\n## Testing the Setup\n\n```mermaid\nsequenceDiagram\n participant User\n participant LocalSSH as Local SSH Client\n participant RemoteSSH as Remote SSH Server\n \n User-\u003e\u003eLocalSSH: ssh -i ~/.ssh/my_first_key ec2-user@IP\n LocalSSH-\u003e\u003eRemoteSSH: Authenticate with first key\n RemoteSSH-\u003e\u003eUser: Successful login\n \n User-\u003e\u003eLocalSSH: ssh -i ~/.ssh/my_second_key ec2-user@IP\n LocalSSH-\u003e\u003eRemoteSSH: Authenticate with second key\n RemoteSSH-\u003e\u003eUser: Successful login\n \n User-\u003e\u003eLocalSSH: ssh roadmapsh-test-server\n LocalSSH-\u003e\u003eRemoteSSH: Try first key, then second key\n RemoteSSH-\u003e\u003eUser: Successful login\n```\n\n- **SSH Connection:**\n - Test connecting using each key individually:\n ```bash\n ssh -i ~/.ssh/my_first_key ec2-user@34.907.166.164\n ssh -i ~/.ssh/my_second_key ec2-user@34.007.106.164\n ```\n - Use the SSH alias:\n ```bash\n ssh roadmapsh-test-server\n ```\n\n- **Security Verification:**\n - Check fail2ban status to ensure it is protecting against repeated failed login attempts.\n\n## Notes \u0026 Best Practices\n\n- **Security:**\n - Never share or commit your private SSH keys.\n - Regularly update your server and review security group settings.\n- **Documentation:**\n - This README documents your project setup. Update it if you make any changes.\n- **Future Improvements:**\n - Consider adding a firewall (e.g., UFW) or more detailed logging for enhanced security.\n\n## References\n\n- [SSH Remote Server Setup Project on roadmap.sh](https://roadmap.sh/projects/ssh-remote-server-setup)\n- [AWS EC2 User Guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/)\n- [fail2ban Documentation](https://www.fail2ban.org/wiki/index.php/Main_Page)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaalpanikh%2Fssh-remote-server-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkaalpanikh%2Fssh-remote-server-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaalpanikh%2Fssh-remote-server-setup/lists"}