On Fri, 21 Feb 2020, 12:51 Frank Pikelner, <frank.pikelner@xxxxxxxxx> wrote:
Take care with " backdoors", not a good idea. Port scanners ie "nmap"
will find obfuscated servers running on different ports.
On Fri, Feb 21, 2020 at 7:21 AM Michal Schorm <mschorm@xxxxxxxxxx> wrote:
>
> > In doing this is their danger of making an error and locking myself out
> > of my computer, if so what to avoid?
>
> You can use dummy account for that, on both ends.
>
> You can force SSH (client) to only use keyes, instead of passwords.
>
> You can run SSH in a container, to learn how to set it up. If you
> break thy system inside of the container, you can just restart it and
> try again.
>
> You can try (never did this one) to run another SSH server on
> different port - as a "backdoor". (Allow that port in firewall)
>
> Once you are confident, you can start using your intended client,
> still with dummy server (either in a container or a dummy user
> account).
> After everything will work, you can attempt to switch to "production".
>
> If you are locking root account, set sudo permissions to another user account.
>
> Restart both devices on both ends (at once) to make sure you have
> correct permanent configuration.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
> Michal Schorm
> Software Engineer
> Core Services - Databases Team
> Red Hat
>
> --
>
> On Fri, Feb 21, 2020 at 1:05 PM Bob Goodwin <bobgoodwin@xxxxxxxxxxx> wrote:
> >
> > I've been reading the thread about detecting hack attempts and I am
> > interested in in setting up "key based authentication" as described
> > [perhaps] in
> > "https://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/s2-ssh-configuration-keypairs.html"
> >
> > In doing this is their danger of making an error and locking myself out
> > of my computer, if so what to avoid? I've made some catastrophic errors
> > in the not very distant past that required a new system re-installation
> > and would prefer not repeating that.
> >
> > Suggestions, thoughts?
> >
> > Bob
> >
> > --
> > Bob Goodwin - Zuni, Virginia,
> > Fedora Linux-31 XFCE
> > _______________________________________________
You can enable 2FA as well, add AllowUsers to your sshd_config for additional security.
Details on 2FA and Fedora can be found here https://fedoramagazine.org/two-factor-authentication-ssh-fedora/
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
