SSH Hardening - Securing Your Linux Servers

Merox HPC Sysadmin
1 min read (9 min read total) · 6 parts
Security Intermediate

The default SSH configuration on most distributions is functional but not production-safe. After managing Linux infrastructure for several years — and finding over 50,000 failed login attempts in a single day’s auth log early in my career — I apply the same hardening steps to every server I manage.

Warning

Never lock yourself out. Always test each change in a separate SSH session before closing your original connection.

Guide Structure

  1. Key-Based Authentication — replace password auth with cryptographic keys
  2. SSH Daemon Hardening — production-ready sshd_config
  3. Two-Factor Authentication — TOTP on top of key auth
  4. Host-Based Authentication — automated server-to-server trust
  5. Security Monitoring — fail2ban, connection management, log analysis
  6. Troubleshooting & Best Practices — common issues, compliance, maintenance
