5

This has not happened to me, yet.

But let's assume the following scenario:

I copy my public key to the server, and then disable password authentication for ssh. Then, for some unknown reason, the public key on the server gets corrupted, and I can no longer login because I have turned off password authentication.

What are my options for regaining access to that server?

jshawl
  • 297
  • 2
  • 13

2 Answers2

9

Unless you have either console access or a another user account that can still log in: none.

Ansgar Wiechers
  • 4,247
  • 2
  • 18
  • 26
  • 1
    Second that. Note that if you have ILO then that counts as console access. – Hennes Sep 02 '12 at 15:37
  • What is ILO? What do you mean by console access (separate from another user account)? – jshawl Sep 02 '12 at 15:43
  • 2
    iLO is short for [integrated Lights-Out](http://en.wikipedia.org/wiki/HP_Integrated_Lights-Out) management. Strictly speaking the term refers to HP's remote management interfaces only, but some people use it for any kind of remote management interface. This kind of interface is one way to enable [out-of-band management](http://en.wikipedia.org/wiki/Out-of-band_management) of a system, and particularly remote access to the system's console. Other options include KVM, serial consoles, or virtual consoles provided by hypervisors. – Ansgar Wiechers Sep 02 '12 at 16:31
  • 2
    iLO is HP's name for the remote access card. Dell call them DRAC, IBM call them Remote Supervisor. Basically if you have one installed and configured you can remotely get access as if you were at the local console as well as being able to remotely power cycle the system as well as other goodies. – Robin Gill Sep 02 '12 at 16:33
  • ...unless you have physical access to the hard drive. – Tom Marthenal Sep 03 '12 at 10:36
3

If you assume random data can become corrupted, there are many many other things to worry about that would make login impossible, including but not limited to: your shell, the libc, the sshd binary or any of its dynamically linked libraries, the structure of the fs itself...

You can protect against all of them at once by using either a checksumming filesystem with redundant disks (like zfs, or btrfs when it gets the relevant features), or maybe something like raid6, which wastes two disks for redundancy but can heal silent corruption on a single disk.

b0fh
  • 3,313
  • 1
  • 21
  • 32