SSH prevent accidental lockout after configuration change

00500005 asked:

I have a server that I would like to change authentication methods for.

Is there a way to always ensure a valid, secure login for SSH (or an alternative secure remote method to recover your SSH login), so you can fix things if they go horribly, horribly wrong?

My answer:


Use your out-of-band remote console (IPMI, iLO, DRAC, etc.).

If you can’t use a remote console, start a temporary second copy of sshd on an alternate port with the original configuration, and connect with it to make your changes. If something goes wrong and the new sshd configuration breaks, you still have one running on an alternate port to connect with.

server # /usr/sbin/sshd -p 2222  # sshd must be started by its absolute path (adjust if installed elsewhere). May also want to add -D, check the man page

client # ssh -p 2222 user@server

View the full question and answer on Server Fault.
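
One way to script the fallback approach described in the answer, as an added example that is not part of the original answer. The function name `safe_sshd_change`, the variables `SSHD`, `FALLBACK_PORT` and `MAIN_PID_FILE`, and the default paths are assumptions; run it as root on the server.

```shell
#!/bin/sh
# Added example, not from the original answer. Names and default paths below
# are assumptions; adjust them for your system.
SSHD=${SSHD:-/usr/sbin/sshd}                       # sshd must be started by absolute path
FALLBACK_PORT=${FALLBACK_PORT:-2222}               # alternate port, as in the answer
MAIN_PID_FILE=${MAIN_PID_FILE:-/var/run/sshd.pid}  # assumed PidFile of the main daemon

# safe_sshd_change CANDIDATE LIVE
# Start a fallback sshd on the known-good config, then validate and install CANDIDATE.
safe_sshd_change() {
    candidate=$1 live=$2
    good="$live.known-good"

    # 1. Snapshot the working config; the fallback daemon reads only this copy.
    cp -p "$live" "$good" || return 1

    # 2. Fallback daemon: original settings, alternate port, its own pid file.
    "$SSHD" -f "$good" -p "$FALLBACK_PORT" -o "PidFile=$good.pid" || {
        echo "fallback sshd did not start; live config untouched" >&2
        return 1
    }

    # 3. Check the candidate (-t = test mode, no daemon is started).
    if ! "$SSHD" -t -f "$candidate"; then
        echo "candidate rejected by sshd -t; live config untouched" >&2
        return 2
    fi

    # 4. Install, then have the main daemon re-read its config (SIGHUP).
    cp "$candidate" "$live" || return 1
    if [ -r "$MAIN_PID_FILE" ]; then
        kill -HUP "$(cat "$MAIN_PID_FILE")"
    else
        echo "no pid file at $MAIN_PID_FILE; reload sshd by hand" >&2
    fi
    echo "fallback on port $FALLBACK_PORT; stop it with: kill \$(cat $good.pid)"
}

# Usage: sh this-script /root/sshd_config.new /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then safe_sshd_change "$1" "$2"; fi
```

`sshd -t` only checks the file's validity and key sanity, not whether you can still authenticate, so open a new session on the main port before stopping the fallback daemon.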

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.