What if ssh passphrase is entered incorrectly
I have used the guide to make my server more secure with an ssh key and using a passphrase when logging in as a user. I have also disabled ssh root login and password login.
I can login as a user using the passphrase, so there is no problem with that.
If I make a mistake entering the passphrase will I be able to try again or is only one attempt allowed? Is there a timeout?
If I get locked out is there a way to regain access since ssh root login and password login have been disabled?
4 Replies
✓ Best Answer
If you have fail2ban installed it will eventually lock you out based on your IP address after a number of failed attempts for a specific amount of time.
In an emergency situation you could always use LISH.
I would use a decent password manager to help with maintaining passwords.
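As an added illustration of the lockout behaviour described in this answer (not code from the thread or from fail2ban itself), here is a simplified model of a per-IP ban: a set number of failures inside a time window triggers a temporary ban. The log lines are constructed, the failure patterns are a simplification, and the parameter names max_retry, find_time and ban_time are hypothetical names modelled on fail2ban's maxretry, findtime and bantime options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges), not taken from a real host.
SAMPLE_LOG = """\
2024-05-01T10:00:00 host sshd[1]: Connection closed by authenticating user alice 198.51.100.7 port 50001 [preauth]
2024-05-01T10:00:20 host sshd[2]: Connection closed by authenticating user alice 198.51.100.7 port 50002 [preauth]
2024-05-01T10:00:30 host sshd[3]: Invalid user admin from 203.0.113.9 port 40001
2024-05-01T10:00:40 host sshd[4]: error: maximum authentication attempts exceeded for alice from 198.51.100.7 port 50003 ssh2 [preauth]
2024-05-01T10:01:00 host sshd[5]: Connection closed by authenticating user alice 198.51.100.7 port 50004 [preauth]
2024-05-01T10:07:00 host sshd[6]: Invalid user admin from 203.0.113.9 port 40002
2024-05-01T10:12:00 host sshd[7]: Invalid user admin from 203.0.113.9 port 40003
2024-05-01T10:15:00 host sshd[8]: Accepted publickey for alice from 198.51.100.7 port 50005 ssh2
"""

# Simplified failure patterns (an assumption; fail2ban's own sshd filter is broader).
FAILURE_PATTERNS = [re.compile(p) for p in (
    r"Connection closed by authenticating user \S+ (?P<ip>\S+) port \d+ \[preauth\]",
    r"maximum authentication attempts exceeded for .* from (?P<ip>\S+) port \d+",
    r"Invalid user \S+ from (?P<ip>\S+) port \d+",
)]

def parse_failure(line):
    """Return (timestamp, ip) for a failed-auth line, else None."""
    stamp, _, rest = line.partition(" ")
    for pattern in FAILURE_PATTERNS:
        match = pattern.search(rest)
        if match:
            return datetime.fromisoformat(stamp), match.group("ip")
    return None

def simulate_bans(log_text, max_retry=3, find_time=600, ban_time=600):
    """Return [(ip, banned_at, unbanned_at)] for a sliding-window ban policy."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for event in filter(None, map(parse_failure, log_text.splitlines())):
        when, ip = event
        if ip in banned_until and when < banned_until[ip]:
            continue  # during a ban the firewall would drop this traffic
        hits = recent[ip]
        hits.append(when)
        while (when - hits[0]).total_seconds() > find_time:
            hits.popleft()  # forget failures older than the find_time window
        if len(hits) >= max_retry:
            banned_until[ip] = when + timedelta(seconds=ban_time)
            bans.append((ip, when, banned_until[ip]))
            hits.clear()
    return bans
```

In the sample, 198.51.100.7 is banned after its third failure and gets back in once the ban has expired, while 203.0.113.9 is never banned because its failures are spread over more than the window.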
If I make a mistake entering the passphrase will I be able to try again or is only one attempt allowed? Is there a timeout?
Generally, no…unless you set one up. See the first response here:
https://serverfault.com/questions/275669/ssh-sshd-how-do-i-set-max-login-attempts
If I get locked out is there a way to regain access since ssh root login and password login have been disabled?
You can always log in at the (Lish/Glish) console as the super-user and disable all your defenses. The console can't be disabled (well, it can but…).
-- sw
Thank you LouWestin. I use Keepass for password management, so no problem there. I was concerned that I could lock myself out with no way back in, but your suggestion to use Lish in an emergency gives me a solution if needed.
Thank you also @stevewi. My next step will be installing fail2ban, but I needed to know if I could regain access if I messed up and locked myself out. Both answers have put that worry to rest.