Is there any backup for ssh configuration, to roll back on error?

2

I have a server on the internet with an ssh server. I try to configure the ssh (by editing the /etc/ssh/sshd_config file). After editing I have to restart the ssh. But once I made a typo/syntax error in the file and the ssh server didn't start. I cannot change back because there is no connection to the machine.

Is there any way to give a backup config file (which is automatically picked on error) or any other way to prevent locking myself out of the server?

The only way that I have found is to connect via FTP, and edit the file, but simple FTP is not secure, and SFTP uses ssh, so this is only an insecure solution.

betontalpfa

Posted 2017-10-22T11:03:15.580

Reputation: 167

Answers

4

There is no need for a fallback configuration if you test your configuration properly, i.e.

  1. Be connected to the system via SSH.
  2. Change the configuration of the SSH server.
  3. Test the configuration using the -t or -T option of sshd.
  4. Restart the sshd while still being connected. This will not close the current connection.
  5. Try to create a second connection to the server. If this fails you still have the active first connection to reinstall and test the previous configuration.

Steffen Ullrich

Posted 2017-10-22T11:03:15.580

Reputation: 3 897

To support your answer: Does restarting sshd always keep existing sessions alive? – see links in comments.

– Kamil Maciorowski – 2017-10-22T11:11:06.873

0

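    screen -x
    cd /etc/ssh
    cp sshd_config sshd_config_orig   # keep the known-good file
    vim sshd_config
    sshd -t                           # check the edited file before restarting
    # restart with the new file, then put the original back on disk
    systemctl restart sshd; mv sshd_config sshd_config_attempt; mv sshd_config_orig sshd_config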

Then stay connected, but open a new terminal and use a fresh new ssh client to test a new connection.

If you're satisfied that it's working properly:

    rm sshd_config; mv sshd_config_attempt sshd_config

If you're not satisfied that it's working properly:

    systemctl restart sshd

If by some freak accident you lose connection during this test, reboot the remote server with IPMI or hypervisor control, and it will boot back up with the old known working config.

Billy C.

Posted 2017-10-22T11:03:15.580

Reputation: 101
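
The two answers above combine into one guarded procedure: check the candidate with `sshd -t`, keep a known-good copy, restart, and restore the copy if the restart fails. The script below is an added example, not code from either answer; the function names, the `/usr/sbin/sshd` path and the `SSHD_BIN`/`RESTART_CMD` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate, back up, install and roll back an sshd_config.
# Assumptions (not from the answers): sshd is at /usr/sbin/sshd and is
# restarted with "systemctl restart sshd"; override via SSHD_BIN/RESTART_CMD.
SSHD_BIN=${SSHD_BIN:-/usr/sbin/sshd}
RESTART_CMD=${RESTART_CMD:-systemctl restart sshd}

# rollback_sshd_config LIVE: put LIVE.orig back and restart the daemon.
rollback_sshd_config() {
    live=$1
    [ -f "$live.orig" ] || { echo "no backup at $live.orig" >&2; return 1; }
    cp -p "$live.orig" "$live" && $RESTART_CMD   # unquoted: command plus arguments
}

# apply_sshd_config CANDIDATE LIVE
# returns 0 = installed and restarted, 1 = nothing changed (candidate rejected
# or backup failed), 2 = install or restart failed, previous file restored.
apply_sshd_config() {
    candidate=$1
    live=$2
    # Step 3 of the first answer: check the file before anything changes.
    if ! "$SSHD_BIN" -t -f "$candidate"; then
        echo "sshd -t rejected $candidate; $live left untouched" >&2
        return 1
    fi
    # Known-good copy, as in the second answer.
    cp -p "$live" "$live.orig" || return 1
    cp "$candidate" "$live" || { cp -p "$live.orig" "$live"; return 2; }
    # Step 4: restart while the current session stays open.
    if ! $RESTART_CMD; then
        echo "restart failed, restoring $live.orig" >&2
        rollback_sshd_config "$live"
        return 2
    fi
    echo "restarted; test a NEW connection before deleting $live.orig" >&2
    return 0
}

# Stand-alone use: sh this_script CANDIDATE /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then apply_sshd_config "$1" "$2"; fi
```

`sshd -t` only checks that the file is valid and the keys are sane; a valid file can still refuse your login, so the second-connection test from step 5 stays necessary, with `rollback_sshd_config` run from the session that is still open.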