Linux · SSH: Keys, Config & Hardening

When enabling SSH 2FA on a remote server you don't have physical access to, what single precaution keeps a misconfiguration from locking you out forever?

Sign in to see the full answer — free to start on the web.

This is one card from the KnowCard library. The full way to learn it — spaced-repetition review, progress tracking, and AI explanations — lives in the KnowCard app, free to start on the web. iOS & Android are coming soon.

Get started — it’s free

Already have an account? Sign in →

More in SSH: Keys, Config & Hardening

Why are telnet and rlogin considered obsolete, and what does ssh do differently to replace them?
The very first time you ssh to a new host, it prints a fingerprint and asks you to confirm. What is that step actually protecting you against, and what does answering yes do?
You reinstalled a server but kept its old hostname; now ssh screams REMOTE HOST IDENTIFICATION HAS CHANGED and refuses to connect. What is it warning about and how do you clear it once you know the change is legitimate?
How do you run a single command on a remote host without opening an interactive shell, versus feeding a whole batch of commands to it non-interactively?
For automating ssh across many fresh hosts, the first-connect trust prompt gets in the way. Which option skips it, and which config file do such client options belong in?
Which ssh option lets a graphical program running on the remote host display on your local screen, and does it still work under Wayland?