SC-Cleared Linux & Cloud Security Contract Consultant
Secure Shell (SSH) is the standard tool for remote administration of Linux systems. In practice, it is also one of the most common weaknesses I encounter when reviewing environments. Misconfigurations are frequent, and attackers actively exploit them. Hardening SSH is one of the most effective early steps in strengthening infrastructure security. 1. Why SSH Security … Read more
Short version: Use SSHFS for occasional admin access, not as a core storage layer. Mount over SSH with per-user keys, prefer read-only, and avoid backup loops. 1) Install (client) # Debian/Ubuntu sudo apt update && sudo apt install -y sshfs # RHEL/Rocky/Alma sudo dnf install -y fuse-sshfs 2) One safe pattern (read-only) sudo mkdir -p … Read more
Short version: Prefer SSM Session Manager for human access. If you must use SSH, use per-user keys, a bastion or tight source CIDRs, and a hardened sshd_config. No shared logins. No password auth. 1) Choose the access pattern Pattern When to use Notes SSM Session Manager Default for most estates No SSH ports open; IAM-controlled; … Read more
Problem: You need to reach a service on a host behind NAT. A reverse tunnel lets the hidden host dial out to a bastion, exposing its local port only on that bastion. 1) One approved pattern On the hidden host (client), create a reverse tunnel to the bastion. This exposes client’s local SSH on bastion … Read more
Secure Shell (SSH) is the default entry point into most Linux systems. Unfortunately, it is also the most common attack vector exploited by automated bots and opportunistic attackers. So for any organisation running Linux servers — whether on-premises, in the cloud, or hybrid — hardening SSH is one of the simplest, highest-impact security steps you … Read more