Linux – Locked out of ssh, with no root access

linuxremote-accessssh

So, I have configured my linux ubuntu 14.04 box for ssh on port 22 with root login via private / public key, no password login.

I have iptables setup to block all incoming connections except for port 22, and the loop back interface. I inadvertently changed the SSH port to a new port (not 22).

I don't have physical access to the box. Is my only choice just to re-image the box?

Best Answer

If your iptables rule was temporary, you could try a reboot. Else, you would need console access to the machine, in which you could boot into single user mode and change it back. Otherwise, you have effectively firewalled yourself out and would need to re-image if you can't get a console.

Related Solutions

Enhance Security – Does Disabling Root Login Improve Security?

The short answer is that the smaller your attack profile the better. Always. If you don't need it or can use an alternative such as sudo or su, then don't enable root login.

One big argument in favor of disabling root and using sudo/su is that you can track who's doing what. One user - one login. Never share accounts.

The argument at that link seems to be specific to local login, rather than ssh.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Enhance Security – Does Disabling Root Login Improve Security?

Ssh – How to automate SSH login with password

Related Topic