docs(netlab): add SSH safety net documentation

2025-12-26 11:25:54 +00:00
parent 0f15938525
commit 300a832e28


@@ -40,12 +40,28 @@ NETLAB_HOSTNAME=clab01 SSH_PORT=22222 curl -fsSL https://gitea.arnodo.fr/Damien/
## What it does ## What it does
1. Sets hostname 1. Sets hostname
2. Installs base packages (vim, fail2ban, unattended-upgrades) 2. Installs base packages (vim, fail2ban, unattended-upgrades, at)
3. Installs and connects Tailscale 3. Installs and connects Tailscale
4. Configures sysctl for networking and containerlab 4. Configures sysctl for networking and containerlab
5. Installs ContainerLab + Docker (via official setup script) 5. Installs ContainerLab + Docker (via official setup script)
6. Configures SSH on custom port 6. Configures SSH on custom port
7. Configures UFW (custom SSH port public, everything else via Tailscale) 7. Configures UFW (custom SSH port public, everything else via Tailscale)
8. Temporarily opens SSH port 22 for 5 minutes (safety net)
## SSH Safety Net
During installation, SSH port 22 is temporarily opened for 5 minutes to prevent lockout if you're connected via public IP on the default port. After 5 minutes, it will be automatically closed. You can then use either the custom SSH port or Tailscale SSH.
```bash
# List scheduled jobs
sudo atq
# Cancel the scheduled SSH closure (replace N with job number)
sudo atrm N
# Manually close SSH port 22 if needed
sudo ufw delete allow 22/tcp
```
## Post-install ## Post-install
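Review bot: In the new "SSH Safety Net" section, `sudo atrm N` is documented without stating its consequence: cancelling the job leaves 22/tcp open to the public until someone runs `sudo ufw delete allow 22/tcp`. Say so next to the command, and add a verification step such as `sudo ufw status` so readers can confirm the rule is gone after the 5 minutes, since the closure depends on the `at` job actually running. The section should also state whether sshd still listens on port 22 during that window: step 6 moves SSH to the custom port, and an open firewall rule alone would not prevent lockout if nothing is listening there.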