ssh

SSH hardening is basic but still worth doing carefully. I disable password auth, restrict root login, and pair strong settings with operational practices like host key monitoring and per-user key lifecycle management. Security without maintainability

Fail2ban is not a complete defense, but it is a useful friction layer for noisy abuse. I use it where login failures or repeated 401s clearly indicate hostile automation. It works best when paired with centralized logs and upstream rate limiting, not