Re: Key-Based Authentication

Key-based authentication works well in small environments: you
generate the keys (recommend you consider ed25519 instead of RSA,
etc.), distribute them across the servers (public keys) and update the
authorized keys file. On the server side you configure SSHD to use
keys vs. passwords (disable password based authentication). As long as
you do not lose the keys you are good. If you have console access to
the server, then you can always reconfigure SSHD back to passwords in
the event you lose your keys. For larger environments, this may not be
the ideal choice and you may want to consider ssh certificates (not
the same as x.509 certificates).

If you are going to be using ssh certificate authentication (highly
recommended) you will need to ensure the certificates do not expire
and so need to renew them ahead of time. As long as you have console
access to the remote server (most cloud providers have this) you can
always reconfigure sshd to allow yourself back in in the event the
certificates have expired. As you will be issuing the certs, you have
control over their duration.

Frank

On Fri, Feb 21, 2020 at 7:05 AM Bob Goodwin <bobgoodwin@xxxxxxxxxxx> wrote:
>
> I've been reading the thread about detecting hack attempts and I am
> interested in setting up "key based authentication" as described
> [perhaps] in
> "https://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/s2-ssh-configuration-keypairs.html"
>
> In doing this is there danger of making an error and locking myself out
> of my computer, if so what to avoid? I've made some catastrophic errors
> in the not very distant past that required a new system re-installation
> and would prefer not repeating that.
>
> Suggestions, thoughts?
>
> Bob
>
> --
> Bob Goodwin - Zuni, Virginia,
> Fedora Linux-31 XFCE
> _______________________________________________
> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
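A preflight check for the lockout concern raised in this thread, as an added example that is not part of either message: it reads the server's effective configuration (saved output of `sshd -T`) and an `authorized_keys` file, and reports whether key login should work before passwords are switched off. The function name `ssh_key_preflight`, the temporary paths and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lockout preflight before setting "PasswordAuthentication no".
# $1 = file holding the output of `sshd -T` (effective server configuration)
# $2 = the authorized_keys file of the account you log in with
# Returns 0 when key login should work, 1 (with reasons on stdout) otherwise.
ssh_key_preflight() {
    cfg=$1 keys=$2 rc=0

    # sshd -T prints lowercase keywords, one "keyword value" pair per line.
    if ! grep -qx 'pubkeyauthentication yes' "$cfg"; then
        echo "FAIL: sshd does not have PubkeyAuthentication enabled"; rc=1
    fi

    if [ ! -s "$keys" ]; then
        echo "FAIL: $keys is missing or empty"; return 1
    fi

    # A usable entry is: [options] keytype base64-blob [comment].
    # Every OpenSSH public key blob starts with "AAAA" in base64.
    types='ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com'
    if ! grep -v '^[[:space:]]*#' "$keys" |
         grep -Eq "(^|[[:space:]])($types)[[:space:]]+AAAA"; then
        echo "FAIL: no public key entry found in $keys"; rc=1
    fi

    # With StrictModes (the sshd default) a key file or directory that
    # group or others can write to is ignored, so key login fails.
    for p in "$keys" "$(dirname "$keys")"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "FAIL: $p is writable by group or others"; rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: key login prerequisites are in place"
    return "$rc"
}

# Demo on constructed input (placeholder key, not a real key or host).
d=$(mktemp -d) && chmod 700 "$d"
printf 'pubkeyauthentication yes\npasswordauthentication yes\n' > "$d/sshd-T.txt"
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedPlaceholder bob@example\n' \
    > "$d/authorized_keys"
chmod 600 "$d/authorized_keys"
ssh_key_preflight "$d/sshd-T.txt" "$d/authorized_keys"
```

Run it before changing `PasswordAuthentication`, then confirm a key login from a second terminal while the current session stays open.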


