I standardized remote access to managed Linux hosts using SSH key authentication, a maintained ~/.ssh/config, and persistent tmux sessions. Host aliases and ProxyJump turned multi-hop logins into a single short command that survives dropped connections.

Objective & Context

SSH is the primary control channel for every server in the homelab. This lab builds reliable, low-friction access with key auth, named host entries, jump-host routing, and tmux for session persistence, the entry point for the hardening lab.

Environment & Prerequisites

  • OpenSSH 9.x client and server; an ed25519 keypair.
  • One or more reachable Linux hosts, optionally behind a bastion.
  • tmux installed on the remote host.

Step-by-Step Execution

1. Define a host alias with ProxyJump

Host nas
  HostName 192.168.20.10
  User taki
  ProxyJump bastion
  IdentityFile ~/.ssh/id_ed25519

2. Connect with one command

ssh nas

3. Start a persistent session

tmux new -s work; tmux attach -t work
Last login: Wed Jun 17 2026 from 192.168.10.5
[work] taki@nas:~$

Validation & Testing

Disconnect mid-task and reconnect to confirm the tmux session resumes intact, and verify login uses the key (no password prompt). Pass criteria: one-command access through the jump host and a session that survives network drops.

Advanced: Troubleshooting
  • Password prompt: confirm the public key is in remote ~/.ssh/authorized_keys with 600 perms.
  • ProxyJump fails: the bastion host entry must itself be reachable and keyed.
  • Lost work on disconnect: always run long tasks inside tmux or screen.

Key Results

  • Reduced multi-hop logins to a single aliased command.
  • Eliminated password prompts via key-based authentication.
  • Preserved 100% of long-running sessions across disconnects with tmux.
  • Centralized host definitions in one maintained ssh config.