Stay Ahead With Linux Security HOWTOs
How to Secure My Network
access control Linux administration
access control Linux administration Most SSH hardening advice ends at the same recommendation: Disable password authentication and use SSH keys. . That's good advice. It removes entire classes of attacks, including password spraying, credential stuffing, and brute-force attempts against exposed servers. The problem is what happens next. Many administrators treat SSH keys as the finish line when they are really the beginning of the hardening process. Attackers rarely care whether they obtained access with a password or a private...
Jun 05, 2026
How to Secure My Networksecurity advisory remote access
security advisory remote access Most of the time, nobody notices. SSH authentication succeeds, no alerts are generated, and the connection looks exactly the way it did the day the key was installed. That's part of the problem. . When security teams investigate unauthorized access on Linux systems, they often focus on passwords, exposed services, or vulnerable software. Trusted access receives less attention. Yet a single forgotten or unauthorized SSH key can provide the same access as a legitimate user while attracting very...
Jun 03, 2026
How to Secure My Networkintrusion detection application security
intrusion detection application security The wrong IPS rule can look like a security fix right up until it becomes an outage. . On Linux systems, detection and prevention are often discussed together, but they do not carry the same operational risk. One tells admins that something suspicious happened. The other can decide whether traffic is allowed to continue. That is why IDS vs IPS is not just a definition to memorize. It is a deployment decision about where to monitor, where to block, and how much confidence a team needs before...
Jun 01, 2026
How to Secure My Networkunauthorized access security techniques
unauthorized access security techniques Exposed SSH servers are continuously hammered by brute-force attacks, password spraying, credential stuffing, and recycled passwords from infostealer dumps. Attackers rotate usernames, test weak credentials, and probe for anything that gives them initial access. The logs usually look messy long before the compromise happens. . The difficult part is separating harmless failures from actual intrusion activity. One failed login from an internal workstation rarely matters. Repeated failures...
May 28, 2026
How to Secure My Networksecurity advisory incident response
security advisory incident response The first 30 minutes after discovering a compromised Linux server usually decide how much evidence remains available. One rushed reboot or cleanup attempt can wipe logs, terminate malicious processes, or remove network activity that investigators still need to review. Attackers also do not usually stay on one system for long once access is established. Early response is mostly about preserving visibility. Collect process information. Save network connections. Limit access carefully before...
May 28, 2026
Refine HOWTOs
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security HOWTOs
We found -3 articles for you...
163
encryptionremote accessopensshEssential Strategies to Strengthen and Secure Your OpenSSH Server
Looking to secure and harden your OpenSSH server? Check out this tutorial, which provides valuable tips and advice on how this can be done. . When it comes to accessing remote devices such as servers, routers, and switches, SSH protocol comes highly recommended given its ability to encrypt traffic and ward off anyone who might try to eavesdrop on your connections. Be that as it may, the default settings of SSH are not infallible and additional tweaks are needed to make the protocol more secure. In this guide, we explore different ways that you can use to secure and harden OpenSSH installation on the server. . Fortify and strengthen your OpenSSH setup by employing practical strategies and methods to enhance SSH authentication for offsite connectivity.. OpenSSH Security, Secure SSH, Hardening Techniques. . Brittany Day
Jul 09, 2020
•
How to Secure My Webserver
166
network securityencryptionaccess controlOpenSSH Secure Remote Access Setup And Configuration Guide
Telnet is a popular way to access a remote system, unfortunately, it is incredibly insecure.. Telnet, along with rlogin, rcp, and rsh, are known to be insecure ways of connecting to a remote system. They are unencrypted and send login information in plain text. Because of this, anyone between the telnet client and the telnet server can intercept the packets and gain private information. Secure SHell (SSH) is a replacement for these types of remote access schemes. OpenSSH (the version of SSH that is talked about in this tip) uses Secure Socket Layer (specifically OpenSSL) to create an encrypted tunnel between the SSH client and the SSH server. With this tunnel in place, everything sent between the two computers is encrypted, so if a packet sniffer between the two systems is capturing packets, it will not be able to make use of the data collected. Installation Download and install the rpms: openssl-0.9.5a-3.i386.rpm openssh-2.1.1p4-1.i386.rpm openssh-server-2.1.1p4-1.i386.rpm openssh-clients-2.1.1p4-1.i386.rpm Setup After reading man sshd, although it is probably correct as is, read /etc/ssh/sshd_config. Since OpenSSH uses TCP_WRAPPERS, add the hosts to be allowed to use SSH into /etc/hosts.allow and block everyone else in /etc/hosts.deny. An example for /etc/hosts.allow that allows everyone in the 192.168.1 subnet to use SSH is: sshd: 192.168.1.0/255.255.255.0 In /etc/hosts.deny, add this line to default block everyone from using Secure SHell: sshd: ALL Start sshd by running: /etc/rc.d/init.d/sshd start To use the SSH client, first you must make a key. Run /usr/bin/ssh-keygen ssh-keygen creates a public and private key to be used for encryption and decryption of data sent through the encrypted tunnel. Here is a sample run of ssh-keygen: [sabaka00@CC989892-A sabaka00]# ssh-keygen Generating RSA keys: ...............................ooooooO...ooooooO Key generation complete. Enter file in which to save the key (/sabaka00/.ssh/identity): Enterpassphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /sabaka00/.ssh/identity. Your public key has been saved in /sabaka00/.ssh/identity.pub. The key fingerprint is: c2:ff:74:c5:e5:7d:b7:23:56:bb:11:8c:8a:97:77:7a sabaka00@CC989892-A [sabaka00@CC989892-A sabaka00]# For more information about ssh-keygen, read man ssh-keygen. Once you have created the public and private keys, copy the public key, normally found at $HOME/.ssh/identity.pub, to the host that is going to be connected to. The key should be in $HOME/.ssh/authorized_keys of the user that will be logged into on the remote system. Make sure the public key is on a single line in the authorized_keys file. Use After the keys are set up on the local and remote systems, connect to an SSH server like this: ssh -l -i host An example would be: [sabaka00@CC989892-A sabaka00]$ ssh -l sabaka00 192.168.1.1
Aug 14, 2000
•
How to Learn Tips and Tricks
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More