Post Clone Setup
Post-clone VM setup
After cloning a virtual machine, perform the following steps to ensure the instance is unique and secure. Run the commands as root (or with sudo) unless otherwise noted.
-
Regenerate the machine-id: this prevents duplicate machine identifiers on the network.
- Why: Duplicate machine IDs can confuse services that rely on a unique machine identifier.
-
Commands:
-
Regenerate SSH host keys: remove any shipped host keys and create new ones so the host identity is unique.
- Why: If host keys are duplicated across VMs, SSH clients will raise warnings and trust is compromised.
-
Commands:
-
Create or switch to the target user and set up SSH keys: ensure the main user has a secure keypair and correct authorized keys.
-
Steps and commands (replace
your_userwith the actual username):# Become the user (or use sudo -u your_user -i) sudo -iu your_user # Ensure the .ssh directory exists with correct permissions mkdir -p ~/.ssh chmod 700 ~/.ssh # Create a new keypair (choose a passphrase or leave empty) ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N "" # Add the public key to authorized_keys (or copy your existing public key) cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys chown -R $(id -u):$(id -g) ~/.ssh
-
-
Verify ownership and permissions: ensure the user owns their home and
.sshfiles and permissions are strict. -
Optional: update hostname and hosts file
-
Set a unique hostname and update
/etc/hostsas needed:
-
-
Reboot (recommended): after regenerating IDs and keys, reboot to ensure all services pick up changes.
Summary: run the machine-id regeneration, rotate SSH host keys, create/verify user SSH keys, adjust permissions, optionally set a unique hostname, and reboot. These steps make a cloned VM behave as a distinct, secure instance.