Post Clone Setup

Post-clone VM setup

After cloning a virtual machine, perform the following steps to ensure the instance is unique and secure. Run the commands as root (or with sudo) unless otherwise noted.

  • Regenerate the machine-id: this prevents duplicate machine identifiers on the network.

    • Why: Duplicate machine IDs can confuse services that rely on a unique machine identifier.
    • Commands:

      rm -f /etc/machine-id
      systemd-machine-id-setup
      
  • Regenerate SSH host keys: remove any shipped host keys and create new ones so the host identity is unique.

    • Why: If host keys are duplicated across VMs, SSH clients will raise warnings and trust is compromised.
    • Commands:

      rm -fv /etc/ssh/ssh_host_*
      ssh-keygen -A
      systemctl restart sshd || service ssh restart
      
  • Create or switch to the target user and set up SSH keys: ensure the main user has a secure keypair and correct authorized keys.

    • Steps and commands (replace your_user with the actual username):

      # Become the user (or use sudo -u your_user -i)
      sudo -iu your_user
      
      # Ensure the .ssh directory exists with correct permissions
      mkdir -p ~/.ssh
      chmod 700 ~/.ssh
      
      # Create a new keypair (choose a passphrase or leave empty)
      ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""
      
      # Add the public key to authorized_keys (or copy your existing public key)
      cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
      chmod 600 ~/.ssh/authorized_keys
      chown -R $(id -u):$(id -g) ~/.ssh
      
  • Verify ownership and permissions: ensure the user owns their home and .ssh files and permissions are strict.

    # as root
    chown -R your_user:your_user /home/your_user
    chmod 700 /home/your_user/.ssh
    chmod 600 /home/your_user/.ssh/authorized_keys
    
  • Optional: update hostname and hosts file

    • Set a unique hostname and update /etc/hosts as needed:

      hostnamectl set-hostname my-new-hostname
      # Edit /etc/hosts if necessary
      
  • Reboot (recommended): after regenerating IDs and keys, reboot to ensure all services pick up changes.

    reboot
    

Summary: run the machine-id regeneration, rotate SSH host keys, create/verify user SSH keys, adjust permissions, optionally set a unique hostname, and reboot. These steps make a cloned VM behave as a distinct, secure instance.