Stay Ahead With Linux Security HOWTOs
How to Secure My Network
access control Linux administration
access control Linux administration Most SSH hardening advice ends at the same recommendation: Disable password authentication and use SSH keys. . That's good advice. It removes entire classes of attacks, including password spraying, credential stuffing, and brute-force attempts against exposed servers. The problem is what happens next. Many administrators treat SSH keys as the finish line when they are really the beginning of the hardening process. Attackers rarely care whether they obtained access with a password or a private...
Jun 05, 2026
How to Secure My Networksecurity advisory remote access
security advisory remote access Most of the time, nobody notices. SSH authentication succeeds, no alerts are generated, and the connection looks exactly the way it did the day the key was installed. That's part of the problem. . When security teams investigate unauthorized access on Linux systems, they often focus on passwords, exposed services, or vulnerable software. Trusted access receives less attention. Yet a single forgotten or unauthorized SSH key can provide the same access as a legitimate user while attracting very...
Jun 03, 2026
How to Secure My Networkintrusion detection application security
intrusion detection application security The wrong IPS rule can look like a security fix right up until it becomes an outage. . On Linux systems, detection and prevention are often discussed together, but they do not carry the same operational risk. One tells admins that something suspicious happened. The other can decide whether traffic is allowed to continue. That is why IDS vs IPS is not just a definition to memorize. It is a deployment decision about where to monitor, where to block, and how much confidence a team needs before...
Jun 01, 2026
How to Secure My Networkunauthorized access security techniques
unauthorized access security techniques Exposed SSH servers are continuously hammered by brute-force attacks, password spraying, credential stuffing, and recycled passwords from infostealer dumps. Attackers rotate usernames, test weak credentials, and probe for anything that gives them initial access. The logs usually look messy long before the compromise happens. . The difficult part is separating harmless failures from actual intrusion activity. One failed login from an internal workstation rarely matters. Repeated failures...
May 28, 2026
How to Secure My Networksecurity advisory incident response
security advisory incident response The first 30 minutes after discovering a compromised Linux server usually decide how much evidence remains available. One rushed reboot or cleanup attempt can wipe logs, terminate malicious processes, or remove network activity that investigators still need to review. Attackers also do not usually stay on one system for long once access is established. Early response is mostly about preserving visibility. Collect process information. Save network connections. Limit access carefully before...
May 28, 2026
Refine HOWTOs
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security HOWTOs
We found -2 articles for you...
166
Linux securitypassword managementshell scriptingInstalling Sshpass: Secure Password Handling in Linux Shell Scripts
Shell scripts are an integral part of Linux but can often require passwords that shouldn't be hard-coded for security reasons. Instead, sshpass is a non-interactive tool specifically created for password automation in shell scripts. Here's how to install and use sshpass on Ubuntu-based and Fedora-based distributions to put a password in your Bash script. . How Can I Install sshpass? You'll need to run a Linux distribution to use sshpass . I will demonstrate using Ubuntu Server 22.04, but the app is also available for Fedora distributions. You'll need to have a user who has sudo permissions. Open a terminal and enter the following command to install sshpass in Ubuntu: Sudo apt-get sshpass install -y This command is for Fedora-based Distributions: sudo dnf install sshpass -y This is the end of the installation. Pretty simple, wasn't it? How Can I Use sshpass ? We will stick to our backup script. We must first create an encrypted password file. Create the file using the command: nano ~/.password You can name the file however you want, but I suggest hiding it by adding a period to the beginning. Add the password of the shell script account in that file and save it using the Ctrl x keyboard shortcut. Use the following to encrypt your file: gpg -c ~/.password You will be asked to enter and confirm a password. This command creates a file named .password.gpg which contains the encrypted password. The /.password can be deleted. How Do I Create the Shell Script? We're going to stick with our simple backup script. To demonstrate the sshpass commands, I will first show you how it works. A rsync back command that requires authentication looks like this: sshpass -p "PASSWORD" rsync -av /backup USER@SERVER:/home/USER/backup Where PASSWORD represents the remote user's password, USER is the remote username, and SERVER is the IP address of the remote server. The sshpass App will pass the password on to the rsync Command, andeverything should be working as expected. You don't want that password hard-coded, do you? You can avoid this by being creative in your script. Here's how it might look: #!/bin/bash gpg -d -q ~/.password.gpg | sshpass rsync -av /backup USER@SERVER:/home/USER/backup The SERVER parameter is the IP or domain address of the remote server. We've decrypted the .password.gpg and sent the output to sshpass, which is then used by rsync for connecting to the remote server to backup. It is a little tricky, but it's effective! Our Final Thoughts on sshpass and Its Security Implications for Linux Users Using sshpass will add an extra layer of security and allow you to automate scripts. While sshpass offers a convenient way to automate password-dependent scripts and enhance security by avoiding hard-coded passwords, it raises concerns. For instance, what happens if an attacker gains access to the machine and obtains the script? They would also have access to the encrypted password file, potentially compromising the security of the system. This highlights the importance of implementing additional security measures, such as proper file permissions and encryption protocols. Need additional guidance installing and using sshpass? Connect with us on X @lnxsec - we're here to help! . Learn how to install and use sshpass to manage passwords securely in shell scripts, streamlining automating SSH logins and enhancing efficiency. sshpass, secure password automation, shell scripting, Linux administration, password management. . Brittany Day
Feb 12, 2024
•
How to Learn Tips and Tricks
162
security practicespassword managementautomationSecurely Protect Passwords In Linux Bash Scripts For Automation
Shell scripts can save you time and effort, but if you don't protect your passwords, they can be a liability. Here's how to stay safe. . Bash scripts are an important part of a system administrator's job. They allow you to automate both mundane and critical tasks. One of the best things with scripts is that they can run independently without human intervention, but sometimes it can be challenging to automate tasks that require user passwords. Let's look at how you can securely automate scripts that require passwords without compromising security. . Discover methods to streamline Linux shell scripting safely with the implementation of encrypted credentials, boosting both security and operational effectiveness.. encrypted passwords, secure scripting, password management. . Brittany Day
Oct 05, 2022
•
How to Strengthen My Privacy
161
security managementperliptablesEffective IPTables Firewall Configuration with PCX Solution
PCX Firewall is an IPTables firewalling solution that uses Perl to generate static shell scripts based upon the user's configuration settings. This allows the firewall to startup quickly, as it does not have to parse config files every time it starts. The link for this article located at PCX Firewall is no longer available. . SecureRouter is an IPTables firewall that employs Python for rapid initialization by creating dynamic command scripts.. IPTables Deployment, Firewall Solutions, Shell Scripting, Security Management. . Anthony Pell
Nov 29, 2004
•
How to Secure My Firewall
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More