Using ssh key pair authentication and disabling ssh password authentication - what happens if private key lost?
I'm configuring my first server on Linode and going through their set up tutorials.
In their Securing Your Server tutorial, it recommends using ssh key pair authentication and disabling password authentication.
My question is if I disable password authentication - what if I lose my private key? How will I ever be able to log back into my server again?
My question is if I disable password authentication - what if I lose my private key? How will I ever be able to log back into my server again?
That's why you should always have some form of Out-of-Band management for your server. For a physical server, that would be something like Dell's DRAC card or HP's iLO card. For your Linode, that's what LISH is for. Using these OOB solutions, you can sign into the actual console of your server using your username and password. These also come in handy when networking breaks on your server and you're not able to access it.
But honestly, just don't lose your key. Protect it with a passphrase and back it up somewhere safe. Heck, print it out and stash it in your safe. They're relatively small files, and there's no excuse for not taking good care of it.
Update: Regarding LISH security: use different credentials/keys for LISH. That's all there is to it - credentials which, if compromised, would not grant access to your server.
In regards to someone finding out that Linode is your provider, well that information is available to anyone, and is just a simple whois
command away.
You'd be locked out, same as if you forgot the root password.
What you should do is back up your key on external media, and put it somewhere safe. With a passphrase inside a box at the bank if you're the paranoid type.
There's various intentional backdoors of course, like Digitalocean's VNC. And/or any managed backup service where you can push files to the machine (simply push an sshd config where password logins are allowed) like Idera.