I have been using the same SSH key for three years. Yes, I know. It was on my to-do list, right next to "rotate AWS credentials" and "fix the DNS TTL". I finally did it last weekend and it was way less painful than I expected.
Every server I deploy gets brute-force attempted within hours. SSH, HTTP auth, FTP, doesn't matter. The internet is full of bots scanning entire IP ranges 24/7 and they will find you. fail2ban is the lazy dev's answer to this. It reads your logs, spots repeated
I keep seeing people overcomplicate their firewall setup with fancy wrappers and GUI tools. iptables is not that hard, and understanding it directly saves you when those wrappers break ( because they always do at the worst time ). Here's how I set up iptables on every new server. The
I wrote a post back in 2017 about updating SSH to version 7.5p1. Seven years and countless servers later, SSH is still the tool I use more than anything else — and I've learned a lot of tricks that save me time every single day. Most of them
On the night of 13 April 2026, between 22:21:20 and 22:21:27 UTC, someone — or more accurately, some script — extracted the admin API key from my self-hosted Ghost blog. The entire exfiltration took seven seconds. I was asleep. By the time I looked at the logs the
Follow the instructions to update ssh on the latest version. The process requires patching the current source, which is unfortunately not written anywhere in the open-ssh website. Package Information -Download (HTTP): http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz Download MD5 sum: 652fdc7d8392f112bef11cacf7e69e23 Download size: 1.