On Fri, 21 Feb 2020, 12:51 Frank Pikelner, frank.pikelner@gmail.com wrote:
Take care with " backdoors", not a good idea. Port scanners ie "nmap" will find obfuscated servers running on different ports.
On Fri, Feb 21, 2020 at 7:21 AM Michal Schorm mschorm@redhat.com wrote:
In doing this is their danger of making an error and locking myself out of my computer, if so what to avoid?
You can use dummy account for that, on both ends.
You can force SSH (client) to only use keyes, instead of passwords.
You can run SSH in a container, to learn how to set it up. If you break thy system inside of the container, you can just restart it and try again.
You can try (never did this one) to run another SSH server on different port - as a "backdoor". (Allow that port in firewall)
Once you are confident, you can start using your intended client, still with dummy server (either in a container or a dummy user account). After everything will work, you can attempt to switch to "production".
If you are locking root account, set sudo permissions to another user
account.
Restart both devices on both ends (at once) to make sure you have correct permanent configuration.
--
Michal Schorm Software Engineer Core Services - Databases Team Red Hat
--
On Fri, Feb 21, 2020 at 1:05 PM Bob Goodwin bobgoodwin@fastmail.us
wrote:
I've been reading the thread about detecting hack attempts and I am interested in in setting up "key based authentication" as described [perhaps] in "
https://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/s2-ssh-... "
In doing this is their danger of making an error and locking myself out of my computer, if so what to avoid? I've made some catastrophic errors in the not very distant past that required a new system re-installation and would prefer not repeating that.
Suggestions, thoughts?
Bob
-- Bob Goodwin - Zuni, Virginia, Fedora Linux-31 XFCE _______________________________________________
You can enable 2FA as well, add AllowUsers to your sshd_config for additional security.
Details on 2FA and Fedora can be found here https://fedoramagazine.org/two-factor-authentication-ssh-fedora/