Welcome to Book 6
Remote access principles and least privilege.
In this book
- Connect to Linux servers securely with SSH instead of passwords
- Manage keys, agents, and ~/.ssh/config for multiple hosts
- Harden sshd and design jump hosts for production access
- Use tunnels and port forwarding for admin tasks behind firewalls
- Troubleshoot connection failures systematically
- Write an access policy for a Canadian small business
How to use this textbook
SSH is how Marcus administers Workshop Co.'s Proxmox VMs from his Edmonton home without driving to the workshop every time PostgreSQL needs a patch. This book assumes you can open a terminal and type commands.
Practice on a lab VM first. Never experiment with lockout settings on production sshd without console access or out-of-band recovery.
Meet your lab company
Workshop Co.
- Domain
- workshopco.ca
- Business
- Weekend woodworking classes in Edmonton, Alberta
- Admin
- Marcus — part-time, works from home two evenings a week
- Infrastructure
- Proxmox host, four VMs, one LXC reverse proxy
- Access goal
- SSH to all Linux guests through one hardened bastion — no direct internet SSH to database
What you need
- macOS, Linux, or Windows 11 with OpenSSH client
- Optional: A Linux VM to practice server-side config
- Your own SSH key pair (we create one in Chapter 2)
Try it yourself — Before Chapter 2
From your computer, run:
ssh -V
Write down the OpenSSH version. Check if you already have keys:
ls -la ~/.ssh/
What to expect
OpenSSH prints something like OpenSSH_9.x. If ~/.ssh/ does not exist or is empty, you will create keys in the next chapter. If you see id_ed25519 and id_ed25519.pub, you may reuse them for lab work only — never copy production private keys between machines casually.
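The key check above as a reusable shell function, added here as an example (it is not part of the original book): it lists each private key in a directory, whether its .pub half is present, and whether group or other permission bits are set. The function name ssh_key_inventory and the restriction to OpenSSH's default id_* file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: inventory SSH key pairs before starting the key chapter.
# Usage: ssh_key_inventory [dir]      (dir defaults to ~/.ssh)
# Prints one line per private key: <name> <pub|nopub> <modeok|tooopen>
# Assumption: keys use OpenSSH's default names (id_ed25519, id_rsa, ...).

ssh_key_inventory() {
    dir="${1:-$HOME/.ssh}"
    if [ ! -d "$dir" ]; then
        echo "none: $dir does not exist"
        return 0
    fi
    found=0
    for f in "$dir"/id_*; do
        # Skip an unmatched glob and anything that is not a regular file
        [ -f "$f" ] || continue
        # Public halves are reported alongside their private key
        case "$f" in *.pub) continue ;; esac
        found=1
        if [ -f "$f.pub" ]; then pub=pub; else pub=nopub; fi
        # ls shows e.g. -rw-------; characters 5-10 are the group/other bits.
        # The OpenSSH client refuses private keys that others can access.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" = "------" ]; then mode=modeok; else mode=tooopen; fi
        echo "$(basename "$f") $pub $mode"
    done
    [ "$found" -eq 1 ] || echo "none: no id_* private keys in $dir"
}
```

A tooopen result is fixed with chmod 600 on the private key file.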
Key terms introduced
- SSH
- Secure Shell — encrypted remote login and command execution.
- sshd
- The SSH server daemon, listening on port 22 (or a custom port).
- Public-key authentication
- Client proves identity with a private key matching a public key in authorized_keys.