SSH Hardening: Lock Down Remote Access Without Locking Yourself Out
Harden SSH properly: disable password auth, switch to Ed25519 keys, configure sshd_config, set up SSH certificates with step-ca, add 2FA, and configure ProxyJump for bastion hosts.
All the articles with the tag "security".
Harden SSH properly: disable password auth, switch to Ed25519 keys, configure sshd_config, set up SSH certificates with step-ca, add 2FA, and configure ProxyJump for bastion hosts.
Why trust a cloud with your passwords? Compare Vaultwarden and Bitwarden self-hosted — lightweight vs full-stack, Docker setup, backups, and which one to actually run.
auditd logs every system call, file access, and command run on your Linux server. Learn ausearch, aureport, and how to write audit rules that catch it.
Never edit /etc/sudoers directly. One syntax error locks everyone out. Use visudo, understand NOPASSWD risks.
Incomplete cert chains, wrong order, self-signed certs. How to diagnose trust failures with openssl s_client.
Certs expire silently. Check expiry with openssl, automate renewal checks with cron, get alerts before disaster.
Firewall rules are evaluated top-down, first match wins. One misplaced ALLOW rule above your denials silently defeats all your security. Here's the fix.
Understand sticky bit, setuid, and setgid: what they do, how to set them, security implications, and real-world use cases.
Verify fail2ban is protecting you: check jails, test bans, monitor logs, common misconfiguration, and unban IPs when needed.
SSHFS mounts remote filesystems over SSH so you can browse and edit files locally — faster than scp for interactive work.
Understand SSH agent forwarding security risks. When it's safe (almost never), and better alternatives like ProxyJump for jump hosts.
Understand Linux umask: what it is, how 022 and 027 work, calculating file permissions, and why it matters for shared directories and security.