I understand private keys being compromised is a huge risk; however, what about public keys. What if they are tampered with?
If someone were to access my public key associated with the private key I use to SSH in the Linux server, and modify it, wouldn’t that prevent me access to the server; therefore, affecting availability on my end?
You ask:
If someone were to access my public key associated with the private key I use to SSH in the Linux server, and modify it, wouldn’t that prevent me access to the server; therefor, affecting availability on my end?
So is the situation you are concerned about something like you leave your computer on, don’t put it to sleep, run away to do something, then someone goes to your computer and just adds a few characters to your public key so it is effectively damaged? Or even deletes it?
No worries as long as you have your private key. Just run this command:
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
And your public key will be regenerated. Just note that the comment at the end of the public key line that allows you to more easily identify which key is what—via what is typically an email address—won’t be added to this id_rsa.pub via this method. So you might want to open it up in a text editor and manually add that.
Now if you are concerned about someone hacking the public key on a remote machine in a way that denies you access? Honestly, you would have a fairly larger issue to deal with in a case like that.
Typically, someone would need to be able to gain access to root—or an account that has password-less sudo privileges or access to your own account on that machine—to do that. And that is not unheard of but a rare occurrence at best.
It sounds like you are asking if someone got into "my" Linux box, modified the .ssh/authorized_keys, which contains the public keys which allow access to the Linux box, and "modify it, wouldn’t that prevent me access to the server; therefor(e), affecting availability on my end?"
Yes if the public key is changed in the authorized_keys file it won't match your private key, but this is like saying, someone got inside your house, changed your door lock, and now your house key doesn't work anymore.
How did they get in the first place to make the change? Only root and login owner can change their own authorized_keys file, so those would be your suspects.
The whole point of a public key is to be widely known. It can be vetted by the PKI (public key infrastructure). You can sign messages (and other things) with your private key locally on your PC, and others can confirm that the message came from you.
Similarly, the public key can be put into the SSH config files on remote servers. When you SSH into those servers, they present a challenge that can only be correctly answered by someone with the proper private key.
Your original question asked:
"If someone were to access my public key associated with the private key I use to SSH in the Linux server, and modify it"...
then it would no longer be the same public key. You can regenerate the public key immediately for another admin to set the proper public key.
You have secondary worries: Who else can get access to my machine, what can they do, and how do I recover? hose answers are complicated and situational.
There are many good resources on SSH and PKI on the web... here's a good start: SSH Essentials: Working with SSH Servers, Clients, and Keys
Yes, if they change your public key on the server, that would deny you access to the server.
But it's even worse. If they change it to someone else's public key, it would mean that that other person could impersonate you on the server. This is much the same as the consequences of someone changing your password when using traditional authentication.
But if someone has the ability to change your public key, they might also have the ability to add additional public keys. So they could give themselves the ability to impersonate you without denying you access, and you might never realize that something was amiss until someone accuses you of doing something on the server that you didn't do.
This question seems akin to asking "what if someone modifies my program's source?" about open source software, and the answer is the same: they can only modify their copy, or a copy that they (rightfully or wrongfully) have access to. Generally this has no impact whatsoever on you, and if it does, the impact has nothing to do with the public key but rather with the ability to wrongfully make changes on a system where doing so impacts you.
You should restore it from a backup. I'm sorry if this sounds like a NSS statement, but yes.
And yes you can regenerate it from the private key, but why would you not have a backup or redundant copy?
And if this is a cloud instance, why would you not have another way in? (I don't care if it is unprofessional, Webmin or similar). What would you do if you lost sshd entirely?
..and at least 2 administrators, so you can't be locked out.
