Connection and Authentication Guide

Overview

This guide covers different methods for connecting to and authenticating with Hetzner Cloud servers running Azure DevOps agents, including SSH for Linux and RDP for Windows.

Linux Servers - SSH Connection

SSH Key Authentication (Recommended)

SSH keys provide secure, passwordless authentication and are recommended for production environments.

Generate SSH Key Pair

On Windows (PowerShell):

# Generate SSH key pair (4096-bit RSA)
ssh-keygen -t rsa -b 4096 -C "your-email@example.com"

# When prompted:
# - File location: Press Enter for default (C:\Users\YourUser\.ssh\id_rsa)
# - Passphrase: Optional but recommended for additional security

# View public key (to add to Hetzner Cloud)
Get-Content ~\.ssh\id_rsa.pub

On Linux/Mac:

# Generate SSH key pair (4096-bit RSA)
ssh-keygen -t rsa -b 4096 -C "your-email@example.com"

# When prompted:
# - File location: Press Enter for default (~/.ssh/id_rsa)
# - Passphrase: Optional but recommended for additional security

# View public key (to add to Hetzner Cloud)
cat ~/.ssh/id_rsa.pub

Add SSH Key to Hetzner Cloud

1. Log into Hetzner Cloud Console: https://console.hetzner.cloud
2. Navigate to Security → SSH Keys
3. Click Add SSH Key
4. Paste your public key content (from id_rsa.pub file)
5. Give it a descriptive name (e.g., "My Laptop", "Workstation")
6. Click Add

Connect Using SSH Key

# Connect to server (SSH key will be used automatically)
ssh root@<server-ip>

# If your SSH key is in a non-default location:
ssh -i ~/.ssh/id_rsa root@<server-ip>

# On Windows (PowerShell):
ssh -i C:\Users\YourUser\.ssh\id_rsa root@<server-ip>

# Connect as agent user (after setup)
ssh azdevops@<server-ip>

Password Authentication

If you prefer password authentication:

1. During Server Creation:
2. In Hetzner Cloud Console, when creating server
3. You can set a root password

4. Hetzner will email you the password

5. Connect Using Password:

   ssh root@<server-ip>
   # Enter password when prompted
   

6. Reset Password (if needed):

7. Go to Hetzner Cloud Console → Your Server
8. Click Reset → Reset Password
9. New password will be displayed (save securely)

Security Note: Password authentication is less secure than SSH keys. Consider using SSH keys for production environments.

SSH Connection Troubleshooting

Connection Refused: - Wait a few minutes after server creation for full boot - Verify server is running in Hetzner Cloud Console - Check server IP address is correct

Permission Denied: - Verify SSH key is added to Hetzner Cloud - Check you're using the correct username (root for initial, azdevops after setup) - Verify password is correct (if using password auth)

Timeout: - Check firewall rules allow SSH (port 22) - Verify network connectivity - Check Hetzner Cloud firewall settings

Windows SSH Client: - Windows 10/11 includes OpenSSH client by default - If not available, install OpenSSH from Settings → Apps → Optional Features - Or use PuTTY as alternative: https://www.putty.org/

Windows Servers - RDP Connection

Connect via Remote Desktop Protocol (RDP)

On Windows

Method 1: Remote Desktop Connection (Built-in) 1. Press Win + R 2. Type mstsc and press Enter 3. Enter server IP address 4. Click Connect 5. Enter credentials: - Username: Administrator - Password: (password from Hetzner) 6. Click Yes if prompted about certificate

Method 2: PowerShell

# Connect via RDP
mstsc /v:<server-ip>

# With credentials (less secure)
cmdkey /generic:<server-ip> /user:Administrator /pass:<password>
mstsc /v:<server-ip>

Method 3: Command Line with Full Options

mstsc /v:<server-ip> /admin /f

On Mac

1. Install Microsoft Remote Desktop:

2. Download from Mac App Store: https://apps.apple.com/app/microsoft-remote-desktop/id1295203466

3. Create Connection:

4. Open Microsoft Remote Desktop
5. Click Add PC (or + button)
6. Enter connection details:
   • PC name: <server-ip>
   • User account: Administrator
   • Password: (password from Hetzner)

7. Click Add

8. Connect:

9. Double-click the connection
10. Click Continue if prompted about certificate

On Linux

1. Install Remmina (RDP Client):

   # Ubuntu/Debian
   sudo apt update
   sudo apt install remmina remmina-plugin-rdp
   
   # Fedora
   sudo dnf install remmina remmina-plugins-rdp
   

2. Create Connection:

3. Start Remmina: remmina
4. Click + (New Connection)
5. Configure:
   • Name: Hetzner Windows Agent
   • Protocol: RDP
   • Server: <server-ip>
   • Username: Administrator
   • Password: (password from Hetzner)
   • Resolution: Use client resolution
6. Click Save and Connect

Get Server Credentials

Server IP Address: 1. Log into Hetzner Cloud Console: https://console.hetzner.cloud 2. Navigate to Servers 3. Click on your Windows server 4. Copy the IPv4 address

Administrator Password: - If set during server creation, use that password - If forgotten, reset it: 1. Go to server details in Hetzner Cloud Console 2. Click Reset → Reset Password 3. New password will be displayed (save securely) 4. Use this password for RDP connection

RDP Connection Troubleshooting

Connection Timeout: - Wait 5-10 minutes after server creation for Windows to fully boot - Verify server is running in Hetzner Cloud Console - Check server IP address is correct - Verify RDP service is running on server

Authentication Failed: - Verify administrator password is correct - Try resetting password in Hetzner Cloud Console - Check username is exactly Administrator (case-sensitive)

Certificate Warning: - This is normal for first connection - Click Yes or Continue to accept certificate - Certificate is self-signed by Windows Server

RDP Not Enabled: - RDP is usually enabled by default on Windows Server - If disabled, enable via PowerShell (requires console access):

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Firewall Issues: - Verify Windows Firewall allows RDP (port 3389) - Check Hetzner Cloud firewall rules - Ensure outbound connections are allowed

Maintenance Access

Regular Maintenance Tasks

Linux Servers: - Use SSH for all maintenance tasks - Connect as azdevops user (after initial setup) - Use sudo for administrative tasks

Windows Servers: - Use RDP for GUI-based maintenance - Use PowerShell Remoting for command-line maintenance:

# From your local machine
 Enter-PSSession -ComputerName <server-ip> -Credential (Get-Credential)

Secure Access Best Practices

1. Use SSH Keys for Linux:
2. More secure than passwords
3. Enable key-based authentication only

4. Disable password authentication in production

5. Strong Passwords:

6. Use complex passwords (minimum 16 characters)
7. Include uppercase, lowercase, numbers, symbols

8. Store passwords securely (password manager)

9. Limit Access:

10. Only grant access to authorized personnel
11. Use separate accounts for different users

12. Regularly review and revoke access

13. Monitor Access:

14. Review SSH/RDP logs regularly
15. Set up alerts for failed login attempts

16. Monitor for suspicious activity

17. Keep Software Updated:

18. Regularly update SSH client software
19. Keep RDP clients updated
20. Apply security patches to servers

Quick Reference

Linux Connection Commands

# Connect with SSH key (default location)
ssh root@<server-ip>
ssh azdevops@<server-ip>

# Connect with specific key
ssh -i ~/.ssh/id_rsa root@<server-ip>

# Connect with password
ssh root@<server-ip>
# (enter password when prompted)

Windows Connection Commands

# Windows - Open RDP connection
mstsc /v:<server-ip>

# Windows - Full screen RDP
mstsc /v:<server-ip> /f

# PowerShell Remoting (from local machine)
Enter-PSSession -ComputerName <server-ip> -Credential (Get-Credential)

Next Steps

• Set up Linux agents using SSH
• Set up Windows agents using RDP
• Review maintenance procedures for ongoing access
• Check troubleshooting guide for connection issues

References

• Hetzner Cloud SSH Keys Documentation
• OpenSSH Documentation
• Microsoft Remote Desktop Documentation