On Fri, 21 Feb 2020, 12:51 Frank Pikelner, <frank.pikel...@gmail.com> wrote:
> Take care with " backdoors", not a good idea. Port scanners ie "nmap" > will find obfuscated servers running on different ports. > > On Fri, Feb 21, 2020 at 7:21 AM Michal Schorm <msch...@redhat.com> wrote: > > > > > In doing this is their danger of making an error and locking myself out > > > of my computer, if so what to avoid? > > > > You can use dummy account for that, on both ends. > > > > You can force SSH (client) to only use keyes, instead of passwords. > > > > You can run SSH in a container, to learn how to set it up. If you > > break thy system inside of the container, you can just restart it and > > try again. > > > > You can try (never did this one) to run another SSH server on > > different port - as a "backdoor". (Allow that port in firewall) > > > > Once you are confident, you can start using your intended client, > > still with dummy server (either in a container or a dummy user > > account). > > After everything will work, you can attempt to switch to "production". > > > > If you are locking root account, set sudo permissions to another user > account. > > > > Restart both devices on both ends (at once) to make sure you have > > correct permanent configuration. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Michal Schorm > > Software Engineer > > Core Services - Databases Team > > Red Hat > > > > -- > > > > On Fri, Feb 21, 2020 at 1:05 PM Bob Goodwin <bobgood...@fastmail.us> > wrote: > > > > > > I've been reading the thread about detecting hack attempts and I am > > > interested in in setting up "key based authentication" as described > > > [perhaps] in > > > " > https://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/s2-ssh-configuration-keypairs.html > " > > > > > > In doing this is their danger of making an error and locking myself out > > > of my computer, if so what to avoid? I've made some catastrophic errors > > > in the not very distant past that required a new system re-installation > > > and would prefer not repeating that. > > > > > > Suggestions, thoughts? > > > > > > Bob > > > > > > -- > > > Bob Goodwin - Zuni, Virginia, > > > Fedora Linux-31 XFCE > > > _______________________________________________ > You can enable 2FA as well, add AllowUsers to your sshd_config for additional security. Details on 2FA and Fedora can be found here https://fedoramagazine.org/two-factor-authentication-ssh-fedora/ >
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
