Re: Key-Based Authentication

On Fri, 21 Feb 2020, 12:51 Frank Pikelner, <frank.pikelner@xxxxxxxxx> wrote:
Take care with "backdoors", not a good idea. Port scanners, i.e. "nmap",
will find obfuscated servers running on different ports.

On Fri, Feb 21, 2020 at 7:21 AM Michal Schorm <mschorm@xxxxxxxxxx> wrote:
>
> > In doing this is there danger of making an error and locking myself out
> > of my computer, if so what to avoid?
>
> You can use a dummy account for that, on both ends.
>
> You can force SSH (client) to only use keys, instead of passwords.
>
> You can run SSH in a container, to learn how to set it up. If you
> break the system inside of the container, you can just restart it and
> try again.
>
> You can try (never did this one) to run another SSH server on
> a different port - as a "backdoor". (Allow that port in the firewall)
>
> Once you are confident, you can start using your intended client,
> still with a dummy server (either in a container or a dummy user
> account).
> After everything works, you can attempt to switch to "production".
>
> If you are locking the root account, set sudo permissions for another user account.
>
> Restart both devices on both ends (at once) to make sure you have
> the correct permanent configuration.
>
> --
>
> Michal Schorm
> Software Engineer
> Core Services - Databases Team
> Red Hat
>
> --
>
> On Fri, Feb 21, 2020 at 1:05 PM Bob Goodwin <bobgoodwin@xxxxxxxxxxx> wrote:
> >
> > I've been reading the thread about detecting hack attempts and I am
> > interested in setting up "key based authentication" as described
> > [perhaps] in
> > "https://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/s2-ssh-configuration-keypairs.html"
> >
> > In doing this is there danger of making an error and locking myself out
> > of my computer, if so what to avoid? I've made some catastrophic errors
> > in the not very distant past that required a new system re-installation
> > and would prefer not repeating that.
> >
> > Suggestions, thoughts?
> >
> > Bob
> >
> > --
> > Bob Goodwin - Zuni, Virginia,
> > Fedora Linux-31 XFCE

You can enable 2FA as well, and add AllowUsers to your sshd_config for additional security.

Details on 2FA and Fedora can be found here: https://fedoramagazine.org/two-factor-authentication-ssh-fedora/
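
A pre-flight check for the lockout risk discussed in this thread, as an added example that is not part of any poster's message: it reads a candidate sshd_config and reports settings that would shut a given user out once passwords are disabled. The function names, the sample file and the user names are assumptions; AllowUsers wildcards and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check before restarting sshd.

# First global value of a keyword; sshd uses the first occurrence it reads,
# keywords are case-insensitive, and Match blocks are skipped here.
sshd_opt() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# lockout_check <sshd_config> <user> <authorized_keys>
# Prints each problem; the return status is the number of problems (0 = none).
lockout_check() {
  cfg=$1; user=$2; keys=$3; n=0
  pw=$(sshd_opt "$cfg" PasswordAuthentication)
  pk=$(sshd_opt "$cfg" PubkeyAuthentication)
  allow=$(sshd_opt "$cfg" AllowUsers)
  if [ "$pk" = no ]; then echo "PubkeyAuthentication is no"; n=$((n + 1)); fi
  if [ -n "$allow" ]; then   # AllowUsers set: everyone not listed is denied
    case " $allow " in
      *" $user "* | *" $user@"*) ;;   # exact names only, no wildcard matching
      *) echo "AllowUsers does not list $user"; n=$((n + 1)) ;;
    esac
  fi
  if [ "$pw" = no ]; then    # passwords off: the key is the only way in
    if ! grep -Eq '(ssh-|ecdsa-|sk-)[^ ]* AAAA' "$keys" 2>/dev/null; then
      echo "no public key found in $keys"; n=$((n + 1))
    fi
    # StrictModes (default yes) rejects a group- or world-writable key file
    if [ -n "$(find "$keys" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
      echo "$keys is writable by group or others"; n=$((n + 1))
    fi
  fi
  return "$n"
}

# Constructed sample: passwords disabled, but bob is not in AllowUsers and has no key.
demo=$(mktemp -d)
printf 'PasswordAuthentication no\nAllowUsers alice\n' > "$demo/sshd_config"
: > "$demo/authorized_keys"
lockout_check "$demo/sshd_config" bob "$demo/authorized_keys" || echo "problems: $?"
rm -rf "$demo"
```

Run it against the edited file before restarting sshd, and keep an existing session open while testing a new login.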


_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx