On Fri, 21 Feb 2020, 12:51 Frank Pikelner, <frank.pikelner(a)gmail.com> wrote:
Take care with " backdoors", not a good idea. Port scanners
ie "nmap"
will find obfuscated servers running on different ports.
On Fri, Feb 21, 2020 at 7:21 AM Michal Schorm <mschorm(a)redhat.com> wrote:
> > In doing this is their danger of making an error and
locking myself out
> > of my computer, if so what to avoid?
> You can use dummy account for that, on both ends.
> You can force SSH (client) to only use keyes, instead of
passwords.
> You can run SSH in a container, to learn how to set it
up. If you
> break thy system inside of the container, you can just restart it and
> try again.
> You can try (never did this one) to run another SSH
server on
> different port - as a "backdoor". (Allow that port in firewall)
> Once you are confident, you can start using your intended
client,
> still with dummy server (either in a container or a dummy user
> account).
> After everything will work, you can attempt to switch to "production".
> If you are locking root account, set sudo permissions to
another user
account.
> Restart both devices on both ends (at once) to make sure
you have
> correct permanent configuration.
> --
> Michal Schorm
> Software Engineer
> Core Services - Databases Team
> Red Hat
> --
> On Fri, Feb 21, 2020 at 1:05 PM Bob Goodwin
<bobgoodwin(a)fastmail.us
wrote:
>
> > I've been reading the thread about detecting
hack attempts and I am
> > interested in in setting up "key based authentication" as described
> > [perhaps] in
> > "
https://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/s2-s...
"
>
> > In doing this is their danger of making an error and
locking myself out
> > of my computer, if so what to avoid? I've made some catastrophic errors
> > in the not very distant past that required a new system re-installation
> > and would prefer not repeating that.
>
> > Suggestions, thoughts?
>
> > Bob
>
> > --
> > Bob Goodwin - Zuni, Virginia,
> > Fedora Linux-31 XFCE
> > _______________________________________________
You can enable 2FA as well, add AllowUsers to your sshd_config for
additional security.
Details on 2FA and Fedora can be found here