HOME
art gallery Linkedin GitHub Donations Our Recommendations
Login
Hashcat Premium
Info
Vuln Fact Check Server Managment Links
SSH
Auth.log Debug DNS key share Cheatpapper
Encryption
fido2 Twofish serpent .ssh/config cipher set sshd set cipher
Firewall
IP block list Fail2ban fail2ban Config SELinux
Tools
Mpiexec Rsync Mosh Glances SSHFS Tmate autossh XQuartz
VPN
SSH Tunneling Cloudflare Onion Network/Tor sshuttle SSH Proxy Reverse Tunnel SSH Tunnel ssh socksv5 proxy
Keys
CA Info Generate Ed25519 key Certificates keys CA & Host auth Backup Key OTP Hardware key SCP Trezor Ledger Nano X
Tweaks
DNS BASH Zsh ssh client env sshd env config X11
Configfiles
sshd, Single Node. sshd, Firewall Single Node. sshd, Cloud Firewall Single Node. sshd, Firewall X11. Win 11 OpenSSH Server
Encrypted backup key icon

When you set up SSH key-based authentication, you typically add your SSH public key to the authorized_keys file on the remote server. This allows you to authenticate without having to enter a password every time you connect to the server.

Using two authorized_keys files, one main and one backup, ensures that you always have a working copy of the file. If you accidentally modify or delete the main authorized_keys file, you can simply use the backup file to restore it.

Protecting the backup file from accidental modifications or deletions is also important. This can be done by setting the immutable flag on the file, as described in the previous example. This prevents the file from being modified or deleted, even by the root user.

Step-by-step guide:
  1. Create a ~/.ssh directory if it doesn't exist already, and navigate to it:
    2. mkdir -p ~/.ssh && cd ~/.ssh
  2. Generate a new ed25519 key pair:
    3. ssh-keygen -t ed25519 -C "Your comment here"
  3. Create a authorized_keys_main file:
    4. touch authorized_keys_main
  4. Copy your SSH public key to the authorized_keys_main file. You can do this by opening the file in a text editor and pasting your public key on a new line, or by using the ssh-copy-id command:
    5. ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server
  5. Create a backup of the authorized_keys_main file and name it authorized_keys_backup:
    6. cp authorized_keys_main authorized_keys_backup
  6. Set the execute permission on the authorized_keys_backup file:
    7. chmod +x authorized_keys_backup
  7. Set the immutable flag on the authorized_keys_backup file using the chattr command:
    8. sudo chattr +i authorized_keys_backup

    Note: you may need to use sudo to run the chattr command, depending on your system configuration.

  8. Verify that the authorized_keys_backup file is protected by trying to delete or modify it:
    9. rm authorized_keys_backup

    You should see an error message indicating that the file is protected.