
I have currently lost my server's data and needed to restore the server from the backup. But the backup is too old for the server to know the machine's SSH key.

                Server ----------------------------------- Machine 

(doesn't know public key of machine) --------------------- (has private and public key)

Machine tries to connect to the server, every 10 seconds. I can see the attempts in the log.

How can I give the machine (at least temporarily) access to the server? Disabling authentication doesn't seem to be possible with ssh?

The machine is too far away, so I can't go there and get the public key again and can't give it a new key.

So is there any chance to let the machine connect to my server?

Note that the machine is out in the wilderness, so no human can easily access it.

Andrew Schulman
henry86

2 Answers


No, loss of ssh keys means a user cannot log in.

If the private key is known, derive the public key from private. However, this doesn't help if the server doesn't have the public key, leaving the client still with no way to log in.

If a user who can become root can log in, use the privileged account to install a new public key provided by the user.

If no one at all can log in remotely, use out of band management access to get a shell. Serial consoles, IPMI, a tech physically there to provide remote hands, however you need to get in.


And fix backups to cover the required recovery objective. Actually do restore tests.

John Mahowald
  • The server was reset and lost its data. The user (which is just a machine out in the wild, there is no human at this machine) has its keys. But I can't get to the machine, it's too far away from me and there is no user near it. The machine automatically tries to connect every ten seconds with its key, but the server doesn't know the key. How can I let the machine connect to the server? – henry86 Dec 30 '20 at 10:14
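
The key-installation step from the answer above, sketched as an added example that is not part of the original post or its comments. The function name `install_pubkey`, its arguments and its return codes are hypothetical; it assumes a root shell on the server and a public key file supplied by whoever holds the private key.

```shell
#!/bin/sh
# Added example (hypothetical helper): install one public key for an account
# from a root shell, e.g. one reached out of band.
# The public half can be re-derived wherever the private key is readable:
#   ssh-keygen -y -f /path/to/private_key > machine.pub

# install_pubkey PUBKEY_FILE HOME_DIR [OWNER]
# Returns 0 if the key is present afterwards, 2 on bad arguments,
# 3 if the file does not hold a public key, 4 on filesystem errors.
install_pubkey() {
    pub=$1 home=$2 owner=${3:-}
    [ -r "$pub" ] && [ -d "$home" ] || return 2

    # Use the first non-empty, non-comment line only.
    line=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pub" | head -n 1)
    [ -n "$line" ] || return 3

    # Must look like "<type> <base64> [comment]"; this also rejects a
    # private key file passed by mistake.
    printf '%s\n' "$line" | grep -Eq \
        '^(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        || return 3

    # With StrictModes (the default), sshd refuses authorized_keys files
    # that other users can write, so set tight modes explicitly.
    dir=$home/.ssh
    auth=$dir/authorized_keys
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: match on "<type> <base64>" so a changed comment does
    # not create a duplicate entry.
    keypart=$(printf '%s\n' "$line" | cut -d ' ' -f 1,2)
    grep -qF -- "$keypart" "$auth" || printf '%s\n' "$line" >> "$auth"

    if [ -n "$owner" ]; then
        chown -R "$owner" "$dir" || return 4
    fi
    return 0
}
```

Running `ssh-keygen -l -f` on the supplied file before installing it prints the key's fingerprint, which can be confirmed with the key's owner over a separate channel.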

Your only option is to get a KVMoIP or similar device. If you're colocating this thing, a NOC tech can normally do this for you on a "first come, first served" basis, at a fee or at remote hand rates.

Rickuku
  • I don't understand a word of what you are writing. I have an ssh server and a machine with ssh client. What has kvm to do with that? – henry86 Dec 29 '20 at 23:19
  • @Rickuku is suggesting a way for you to get remote access to the distant machine, assuming it is hosted in a data centre. A KVMoIP is basically a hardware version of VNC. If nobody has physical access to the machine or you have no way to remotely log into it then you are basically hosed. – hardillb Dec 29 '20 at 23:44
  • The machine is not hosted in a datacenter. It is in the wild, where no humans live. – henry86 Dec 30 '20 at 11:43
  • Then unfortunately you would no longer be able to access it. – Rickuku Dec 30 '20 at 12:41