SSH Remote Access with Keys, Client Config, and tmux
I standardized remote access to managed Linux hosts using SSH key authentication, a maintained ~/.ssh/config, and persistent tmux sessions. Host aliases and ProxyJump turned multi-hop logins into a single short command that survives dropped connections.
Objective & Context
SSH is the primary control channel for every server in the homelab. This lab builds reliable, low-friction access with key auth, named host entries, jump-host routing, and tmux for session persistence, the entry point for the hardening lab.
Environment & Prerequisites
- OpenSSH 9.x client and server; an ed25519 keypair.
- One or more reachable Linux hosts, optionally behind a bastion.
- tmux installed on the remote host.
flowchart LR
C[Client] -->|ssh config alias| J[Bastion/Jump]
J -->|ProxyJump| H[Internal host]
H --> T[tmux persistent session]
Step-by-Step Execution
1. Define a host alias with ProxyJump
Host nas
HostName 192.168.20.10
User taki
ProxyJump bastion
IdentityFile ~/.ssh/id_ed25519
2. Connect with one command
ssh nas3. Start a persistent session
tmux new -s work; tmux attach -t workLast login: Wed Jun 17 2026 from 192.168.10.5
[work] taki@nas:~$
Validation & Testing
Disconnect mid-task and reconnect to confirm the tmux session resumes intact, and verify login uses the key (no password prompt). Pass criteria: one-command access through the jump host and a session that survives network drops.
Advanced: Troubleshooting
- Password prompt: confirm the public key is in remote
~/.ssh/authorized_keyswith 600 perms. - ProxyJump fails: the bastion host entry must itself be reachable and keyed.
- Lost work on disconnect: always run long tasks inside tmux or screen.
Key Results
- Reduced multi-hop logins to a single aliased command.
- Eliminated password prompts via key-based authentication.
- Preserved 100% of long-running sessions across disconnects with tmux.
- Centralized host definitions in one maintained ssh config.