🐧 Day 6: Linux Security, SSH, and Automation Basics

Purpose

This document introduces essential Linux security concepts every DevOps engineer must understand. It focuses on secure access using SSH, basic firewall awareness, and the automation mindset required to manage systems efficiently at scale.


Why Security Matters in DevOps

In DevOps, systems are:

  • Exposed to the internet

  • Accessed by multiple users and services

  • Continuously deployed and updated

Without basic security practices, systems become easy targets for misconfiguration, unauthorized access, or outages caused by human error.


Secure Remote Access with SSH

What Is SSH?

SSH (Secure Shell) is a protocol used to securely connect to remote Linux systems.

It is commonly used for:

  • Server administration

  • Deployments

  • Troubleshooting production issues

SSH Connection

Admin@DESKTOP-PRFKT2P MINGW64 ~
$ ssh saad@192.168.0.118
The authenticity of host '192.168.0.118 (192.168.0.118)' can't be established.
ED25519 key fingerprint is SHA256:Pc8EC10Te/WaUkGfZ7Q1P3tBVqU7TETyiJhOE/Nob8Q.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: 192.168.0.119
    ~/.ssh/known_hosts:4: [127.0.0.1]:2222
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.0.118' (ED25519) to the list of known hosts.
saad@192.168.0.118's password:
Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.14.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

Expanded Security Maintenance for Applications is not enabled.

89 updates can be applied immediately.
3 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

Last login: Tue Dec 16 19:48:39 2025 from 10.0.3.2
saad@saad-VirtualBox:~$

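This command establishes an encrypted connection to a remote server. On the first connection the client has no record of the server's host key, so SSH shows the key fingerprint and asks for confirmation; compare that fingerprint with one obtained from the server through a trusted channel before answering yes.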

SSH Key-Based Authentication

Using passwords for SSH access is insecure and does not scale in DevOps environments. SSH key-based authentication solves these problems by using cryptographic keys instead of passwords.

Why SSH Keys Are Used

  • Passwords can be guessed, reused, or leaked

  • Automated systems cannot safely store passwords

  • Keys provide stronger authentication that is impractical to brute-force

  • Access can be revoked easily by removing a key

How SSH Key Authentication Works (Short)

  • A key pair is generated: a public key and a private key

  • The public key is stored on the server

  • The private key remains on the client and is never shared

  • During login, the server verifies the client using cryptographic proof

Only if the private key matches the public key on the server is access granted.

Generate SSH Key

Admin@DESKTOP-PRFKT2P MINGW64 ~
$ ssh-keygen
Generating public/private ed25519 key pair.

Copy Key to Server

Admin@DESKTOP-PRFKT2P MINGW64 ~
$ ssh-copy-id saad@192.168.0.118
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/c/Users/Admin/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
saad@192.168.0.118's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'saad@192.168.0.118'"
and check to make sure that only the key(s) you wanted were added.


Admin@DESKTOP-PRFKT2P MINGW64 ~
$ ssh saad@192.168.0.118
Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.14.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

Expanded Security Maintenance for Applications is not enabled.

89 updates can be applied immediately.
3 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

Last login: Thu Dec 18 12:45:41 2025 from 192.168.0.106

Benefits of SSH keys:

  • Stronger security

  • No password sharing

  • Automation-friendly

Basic Firewall Awareness

A firewall controls incoming and outgoing network traffic based on defined rules. It acts as a security layer between a system and the network.

In Linux, common firewall tools include:

iptables

iptables is a low-level firewall tool that directly manages packet filtering rules in the Linux kernel.

  • Very powerful and flexible

  • Rule-based and chain-based (INPUT, OUTPUT, FORWARD)

  • Commonly found on older and enterprise Linux systems

Because of its complexity, it is usually managed indirectly through higher-level tools.


nftables

nftables is the modern replacement for iptables.

  • Simpler and more efficient rule management

  • Better performance and scalability

  • Unified framework for packet filtering

Most modern Linux distributions are moving toward nftables.


ufw

ufw (Uncomplicated Firewall) is a user-friendly firewall management tool.

  • Designed for simplicity

  • Commonly used on Ubuntu systems

  • Suitable for basic firewall configurations

Example:

ufw allow 22

At a minimum, DevOps engineers must understand that:

  • Services can be running but still inaccessible

  • Firewall rules may block required ports

  • Security always involves controlled access


Principle of Least Privilege

Systems should grant only the permissions required to perform a task.

Examples:

  • Avoid logging in as root

  • Use sudo only when necessary

  • Restrict SSH access to specific users

This principle reduces the impact of security breaches and mistakes.
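
The least-privilege points above, together with key-only login from the SSH section, can be checked mechanically. The script below is an added example, not part of the original article: it reads an sshd_config file (or saved `sshd -T` output) and reports whether password logins, root login and unrestricted user access are still enabled. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd settings against the practices on this page.
# Input: an sshd_config file, or saved output of `sshd -T`.

# effective_value FILE keyword default
# Keywords are case-insensitive and sshd keeps the FIRST value it reads.
# Assumption: only global settings are audited, so parsing stops at "Match".
effective_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd FILE: one OK/FAIL line per check, non-zero status if any FAIL.
audit_sshd() {
    rc=0
    pw=$(effective_value "$1" passwordauthentication yes)
    root=$(effective_value "$1" permitrootlogin prohibit-password)
    users=$(effective_value "$1" allowusers "")
    if [ "$pw" = no ]; then echo "OK   PasswordAuthentication no"
    else echo "FAIL PasswordAuthentication $pw: password logins still accepted"; rc=1; fi
    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin $root: root can log in over SSH"; rc=1; fi
    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "FAIL AllowUsers unset: every account may use SSH"; rc=1; fi
    return $rc
}

# Constructed sample inputs (not taken from a real server).
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
# keys are installed, but nothing else was changed
#PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
EOF
cat > "$tmp/hardened.conf" <<'EOF'
passwordauthentication no
PermitRootLogin no
AllowUsers saad
EOF

audit_sshd "$tmp/weak.conf" || echo "weak.conf needs hardening"
audit_sshd "$tmp/hardened.conf" && echo "hardened.conf passes"
```

On a live host, feed it the output of `sudo sshd -T` so that settings pulled in through Include files are taken into account. Keep an existing session open while changing these settings, so a mistake does not lock you out.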

Automation Mindset

Manual work does not scale.

In DevOps:

  • Repeated tasks should be automated

  • Configuration should be consistent

  • Human error should be minimized

Linux provides the foundation for automation through:

  • Shell scripts

  • Cron jobs

  • Configuration management tools

Simple Automation Example

saad@saad-VirtualBox:/$ sudo touch script.sh
saad@saad-VirtualBox:/$ sudo vi script.sh
saad@saad-VirtualBox:/$ sudo chown saad:saad script.sh
saad@saad-VirtualBox:/$ ls -ltr | grep script.sh
-rwxr-xr-x   1 saad saad         65 Dec 18 13:10 script.sh
saad@saad-VirtualBox:/$ ./script.sh
Server health check
 13:11:28 up 29 min,  2 users,  load average: 0.13, 0.07, 0.03
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           246M  1.6M  245M   1% /run
/dev/sda2        15G   13G  1.9G  87% /
tmpfs           1.3G   12K  1.3G   1% /dev/shm
tmpfs           5.0M  8.0K  5.0M   1% /run/lock
tmpfs           246M  120K  246M   1% /run/user/1000
               total        used        free      shared  buff/cache   available
Mem:           2.4Gi       1.3Gi       244Mi        28Mi       1.0Gi       1.1Gi
Swap:          2.4Gi          0B       2.4Gi
saad@saad-VirtualBox:/$

Even simple scripts can save time and reduce errors.
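
The contents of script.sh are not shown above. The following is an added example, not the author's script: it takes the df portion of that output and turns it into a check with an exit status, so cron or a pipeline can react to it instead of a person reading the numbers. The function names and the 80% threshold are illustrative; the sample input reuses df lines from the session.

```shell
#!/bin/sh
# Added example: make the disk part of the health check pass or fail.

# disk_alerts THRESHOLD: reads df output on stdin and prints "mount use%"
# for every disk-backed filesystem at or above THRESHOLD percent.
# Assumption: mount points contain no spaces.
disk_alerts() {
    awk -v limit="$1" '
        NR == 1 { next }                            # header row
        $1 == "tmpfs" || $1 == "devtmpfs" { next }  # RAM-backed, not disk
        {
            use = $5; sub(/%$/, "", use)
            if (use + 0 >= limit) print $6, use "%"
        }
    '
}

# health_check THRESHOLD [DF_OUTPUT_FILE]: status 0 = healthy, 1 = alert.
# Without a file it runs `df -P` (POSIX output format) on the live system.
health_check() {
    if [ -n "$2" ]; then alerts=$(disk_alerts "$1" < "$2")
    else alerts=$(df -P | disk_alerts "$1"); fi
    if [ -z "$alerts" ]; then return 0; fi
    echo "DISK ALERT (>= $1%): $alerts"
    return 1
}

# Sample input: df lines copied from the session above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           246M  1.6M  245M   1% /run
/dev/sda2        15G   13G  1.9G  87% /
tmpfs           1.3G   12K  1.3G   1% /dev/shm
EOF

health_check 80 "$sample" || echo "status 1: a cron job or CI step can act on this"
health_check 90 "$sample" && echo "below 90%: healthy"
```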


Security in DevOps Context

Linux security knowledge is applied when:

  • Hardening servers

  • Securing CI/CD runners

  • Managing cloud instances

  • Preparing systems for containerization

Security is not a one-time task, but a continuous responsibility.


Summary

Day 6 introduced essential Linux security practices including secure remote access with SSH, firewall awareness, least privilege principles, and the automation mindset. This marks the completion of Linux fundamentals required for DevOps work.
