How do I harden SSH on a Linux server?
Keys instead of passwords, no root login, and fail2ban cover most of it.
Try this first
- 1Disable password login, keys only
- 2Disable root login, sudo via regular user
- 3Fail2ban against brute force
- 4Port 22 only behind VPN or trusted subnet
When to bring us in
Server must expose SSH publicly: add MFA and strict audit logging.
See also
- One DC or two DCs for an SMB office?Two is almost always the right answer; one DC is a single point of failure for logon, DNS and GPOs.
- Should I split FSMO roles across two DCs?For a small domain all on one DC is fine; with two DCs splitting is tidier but not required.
- How do I know my AD replication is healthy?Replication errors creep in silently; they only surface when logins or GPOs misbehave.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.