Assume Your App Gets Popped
How to expose a possibly-vulnerable app to the public internet and survive it: rootless containers, a file-integrity tripwire, and zero inbound SSH on the box.
All the articles with the tag "ssh".
How to expose a possibly-vulnerable app to the public internet and survive it: rootless containers, a file-integrity tripwire, and zero inbound SSH on the box.
Disaster recovery for your Linux home lab — tiered backups, a restic script that actually runs, restore drills, and the gotchas that bite at 2 AM.
Generate SSH keys, set up passwordless auth, configure SSH, and transfer files securely with SCP — the foundation of headless Linux work.
Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.
Managing authorized_keys across 10 servers is how you lose track of who has access to what. An SSH CA lets you sign keys and revoke access without touching every server.
Hide your SSH port from scanners with port knocking. It's not a replacement for security, but it's a valid defense-in-depth tactic.
RSA SSH keys are aging out. Why Ed25519 is the 2026 default, how to generate one in 30 seconds, and how to audit and rotate your legacy keys safely.
Harden SSH properly: disable password auth, switch to Ed25519 keys, configure sshd_config, set up SSH certificates with step-ca, add 2FA, and configure ProxyJump for bastion hosts.
SSHFS mounts remote filesystems over SSH so you can browse and edit files locally — faster than scp for interactive work.
Understand SSH agent forwarding security risks. When it's safe (almost never), and better alternatives like ProxyJump for jump hosts.
Fix SSH timeouts: ServerAliveInterval, ServerAliveCountMax, ClientAliveInterval. Understand NAT, firewalls, and TCP keepalive.
Master SSH ControlMaster, ControlPath, and ControlPersist. Reuse connections for lightning-fast SSH, SCP, and rsync operations.