Linux Server Admin with Fexingo: Sysadmin, Bash, and Server Engineering

How to Secure Linux SSH with Fail2ban and Key-Only Auth


Listen Later

In this episode, Lucas and Luna dive into the most common attack vector on Linux servers: SSH brute force. They explain how Fail2ban works under the hood—using iptables to dynamically block IPs after repeated failed attempts—and then walk through the more fundamental shift to key-only authentication. Lucas breaks down the exact configuration changes in /etc/ssh/sshd_config, including disabling password authentication and root login. He also shares a concrete example: a small web server that went from thousands of daily bot login attempts to fewer than a dozen after implementing these changes. Luna asks about the risks of losing SSH keys and suggests a backup strategy using a hardware token like a YubiKey. The episode closes with Lucas reflecting on the principle of defense in depth: Fail2ban is a good band-aid, but key-only auth is the real fix. A brief, natural mention of listener support (buy me a coffee dot com slash fexingo) is woven into the conversation near the end.

#Linux #Sysadmin #SSHSecurity #Fail2ban #KeyOnlyAuth #ServerHardening #CyberSecurity #Infosec #DevOps #Iptables #PublicKeyCryptography #YubiKey #BruteForceProtection #DefenseInDepth #ServerAdmin #FexingoBusiness #BusinessPodcast #Technology

Keep every episode free: buymeacoffee.com/fexingo

...more
View all episodesView all episodes
Download on the App Store

Linux Server Admin with Fexingo: Sysadmin, Bash, and Server EngineeringBy Fexingo