EPISODE · Jun 13, 2026 · 8 MIN
How to Secure Linux SSH with Fail2ban and Key-Only Auth
from Linux Server Admin with Fexingo: Sysadmin, Bash, and Server Engineering · host Fexingo
In this episode, Lucas and Luna dive into the most common attack vector on Linux servers: SSH brute force. They explain how Fail2ban works under the hood—using iptables to dynamically block IPs after repeated failed attempts—and then walk through the more fundamental shift to key-only authentication. Lucas breaks down the exact configuration changes in /etc/ssh/sshd_config, including disabling password authentication and root login. He also shares a concrete example: a small web server that went from thousands of daily bot login attempts to fewer than a dozen after implementing these changes. Luna asks about the risks of losing SSH keys and suggests a backup strategy using a hardware token like a YubiKey. The episode closes with Lucas reflecting on the principle of defense in depth: Fail2ban is a good band-aid, but key-only auth is the real fix. A brief, natural mention of listener support (buy me a coffee dot com slash fexingo) is woven into the conversation near the end. #Linux #Sysadmin #SSHSecurity #Fail2ban #KeyOnlyAuth #ServerHardening #CyberSecurity #Infosec #DevOps #Iptables #PublicKeyCryptography #YubiKey #BruteForceProtection #DefenseInDepth #ServerAdmin #FexingoBusiness #BusinessPodcast #Technology Keep every episode free: buymeacoffee.com/fexingo
What this episode covers
In this episode, Lucas and Luna dive into the most common attack vector on Linux servers: SSH brute force. They explain how Fail2ban works under the hood—using iptables to dynamically block IPs after repeated failed attempts—and then walk through the more fundamental shift to key-only authentication. Lucas breaks down the exact configuration changes in /etc/ssh/sshd_config, including disabling password authentication and root login. He also shares a concrete example: a small web server that went from thousands of daily bot login attempts to fewer than a dozen after implementing these changes. Luna asks about the risks of losing SSH keys and suggests a backup strategy using a hardware token like a YubiKey. The episode closes with Lucas reflecting on the principle of defense in depth: Fail2ban is a good band-aid, but key-only auth is the real fix. A brief, natural mention of listener support (buy me a coffee dot com slash fexingo) is woven into the conversation near the end. #Linux #Sysadmin #SSHSecurity #Fail2ban #KeyOnlyAuth #ServerHardening #CyberSecurity #Infosec #DevOps #Iptables #PublicKeyCryptography #YubiKey #BruteForceProtection #DefenseInDepth #ServerAdmin #FexingoBusiness #BusinessPodcast #Technology Keep every episode free: buymeacoffee.com/fexingo
NOW PLAYING
How to Secure Linux SSH with Fail2ban and Key-Only Auth
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m