I have a server that I would like to change authentication methods for.
Is there a way to always ensure a valid, secure, login for SSH (or an alternative secure remote method to recover your ssh login), so you can fix things if they go horribly horribly wrong?
Use your out-of-band remote console (IPMI, iLO, DRAC, etc.).
If you can’t use a remote console, start a temporary second copy of sshd on an alternate port with the original configuration, and connect with it to make your changes. If something goes wrong and the new sshd configuration breaks, you still have one running on an alternate port to connect with.
server # sshd -p 2222 # May also want to add -D, check the man page client # ssh -p 2222 user@server
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.