Master the art of remote server administration. This comprehensive guide covers essential tools, techniques, and best practices for efficiently managing Linux servers from anywhere in the world.
Typical remote server management architecture with bastion host and private network
Why Remote Server Management Matters
Modern infrastructure is distributed across data centers, cloud providers, and edge locations. Mastering remote administration is essential for:
- Cloud Infrastructure: Managing AWS, Azure, GCP, and other cloud platforms
- Disaster Recovery: Accessing systems during emergencies from any location
- Automation: Scripting and automating server management tasks
- Team Collaboration: Enabling multiple administrators to work on same systems
- Monitoring: Real-time monitoring and alert response from anywhere
- Cost Optimization: Reducing travel and on-site maintenance costs
1. Essential Remote Management Tools
SSH (Secure Shell)
ssh user@hostname
Secure remote command execution and shell access. The foundation of remote administration.
Core Tool
SCP (Secure Copy)
scp file user@host:/path
Securely copy files between local and remote systems. Simple and reliable for small transfers.
File Transfer
Rsync
rsync -avz source/ dest/
Advanced file synchronization with compression, delta transfers, and resume capability.
Sync Tool
SFTP
sftp user@hostname
Interactive file transfer protocol with SSH encryption. File explorer-like interface.
Interactive
SSH Tunnels
ssh -L port:host:port
Create secure tunnels for accessing services behind firewalls or NAT.
Tunneling
tmux/screen
tmux new -s session
Terminal multiplexers for persistent sessions, essential for long-running tasks.
Session Mgmt
Tool Comparison Matrix
SSHSCPRsyncSFTPFTP/FTPSHTTP/HTTPS2. Advanced SSH Usage
# Basic SSH connections
ssh user@hostname # Standard connection
ssh -p 2222 user@hostname # Non-standard port
ssh -i ~/.ssh/key.pem user@hostname # Specific identity file
# Execute remote commands
ssh user@hostname "ls -la" # Single command
ssh user@hostname << 'EOF'
cd /var/log
tail -f app.log
EOF
cat script.sh | ssh user@hostname bash # Pipe script
# Advanced options
ssh -o ConnectTimeout=10 user@hostname # Connection timeout
ssh -o ServerAliveInterval=30 user@hostname # Keep alive packets
ssh -o StrictHostKeyChecking=no user@hostname # Skip host key check (unsafe)
ssh -o LogLevel=DEBUG user@hostname # Debug logging
# Multiplexing (persistent connections)
ssh -o ControlMaster=yes -o ControlPath=~/.ssh/%r@%h:%p user@hostname
ssh -O check user@hostname # Check connection
ssh -O exit user@hostname # Close connection
# X11 Forwarding (GUI applications)
ssh -X user@hostname # Enable X11 forwarding
ssh -Y user@hostname # Trusted X11 forwarding
ssh -C user@hostname # Compression (slow networks)
# Jump hosts/bastion servers
ssh -J bastion@jumphost user@target # Jump host
ssh -o ProxyCommand="ssh -W %h:%p bastion@jumphost" user@target
SSH Configuration File Examples
~/.ssh/config - Advanced Connection Management
# ~/.ssh/config - SSH client configuration
# Global defaults
Host *
ServerAliveInterval 60
ServerAliveCountMax 3
TCPKeepAlive yes
Compression yes
ControlMaster auto
ControlPath ~/.ssh/control-%r@%h:%p
ControlPersist 10m
ConnectTimeout 10
LogLevel ERROR
# Production servers
Host prod-*
User admin
IdentityFile ~/.ssh/prod_key
Port 2222
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts_prod
ForwardAgent no
ServerAliveInterval 30
Host prod-web
HostName 203.0.113.10
LocalForward 8080 localhost:80
Host prod-db
HostName 203.0.113.20
LocalForward 5432 localhost:5432
# Development servers
Host dev-*
User developer
IdentityFile ~/.ssh/dev_key
ForwardAgent yes
ServerAliveInterval 120
Host dev-web
HostName 192.168.1.100
Host dev-db
HostName 192.168.1.101
# Jump host configurations
Host bastion
HostName bastion.example.com
User jumpuser
IdentityFile ~/.ssh/bastion_key
ControlMaster auto
ControlPersist 1h
Host internal-*
ProxyJump bastion
User admin
IdentityFile ~/.ssh/internal_key
ForwardAgent no
Host internal-web
HostName 10.0.1.10
Host internal-db
HostName 10.0.1.20
# Cloud providers
Host *.compute.amazonaws.com
User ec2-user
IdentityFile ~/.ssh/aws_key.pem
StrictHostKeyChecking accept-new
Host *.cloud.google.com
User gcp-user
IdentityFile ~/.ssh/gcp_key
CheckHostIP no
# Special configurations
Host monitoring
HostName monitor.example.com
User nagios
IdentityFile ~/.ssh/monitoring_key
ExitOnForwardFailure yes
Host backup
HostName backup.example.com
User backup
IdentityFile ~/.ssh/backup_key
PreferredAuthentications publickey
PasswordAuthentication no
# Emergency access (high timeout)
Host emergency-*
ConnectTimeout 30
ServerAliveInterval 10
ServerAliveCountMax 123. File Transfer & Synchronization
SCP (Secure Copy) Examples
# Copy files from local to remote
scp file.txt user@hostname:/remote/path/ # Single file
scp -r directory/ user@hostname:/remote/path/ # Recursive directory
scp *.txt user@hostname:/remote/path/ # Multiple files
scp -P 2222 file.txt user@hostname:/path/ # Custom port
# Copy files from remote to local
scp user@hostname:/remote/file.txt ./ # To current directory
scp -r user@hostname:/remote/dir/ ./local/ # Recursive copy
scp user@hostname:'/remote/file*.txt' ./ # Wildcard with quotes
# Copy between two remote servers
scp user1@host1:/path/file user2@host2:/path/ # Through local machine
ssh user@host1 "cat /path/file" | ssh user@host2 "cat > /path/file"
# Advanced SCP options
scp -C file.txt user@hostname:/path/ # Compression
scp -l 1024 file.txt user@hostname:/path/ # Limit bandwidth (Kbit/s)
scp -c aes256-ctr file.txt user@hostname:/path/ # Specific cipher
scp -o ConnectTimeout=10 file.txt user@hostname:/path/
scp -v file.txt user@hostname:/path/ # Verbose mode
Rsync - The Ultimate Sync Tool
Rsync Examples - Efficient File Synchronization
# Basic Rsync patterns
rsync -avz local/ user@hostname:remote/ # Archive mode with compression
rsync -avz --delete local/ user@hostname:remote/ # Delete extra files on remote
rsync -avz --progress largefile.tar.gz user@hostname:remote/ # Show progress
# Common Rsync options:
# -a, --archive : Archive mode (recursive, preserves everything)
# -v, --verbose : Increase verbosity
# -z, --compress : Compress during transfer
# -P : Combination of --progress and --partial
# --delete : Delete extraneous files from destination
# --exclude=PATTERN : Exclude files matching PATTERN
# --include=PATTERN : Don't exclude files matching PATTERN
# --max-size=SIZE : Don't transfer files larger than SIZE
# --bwlimit=RATE : Limit I/O bandwidth
# --dry-run : Perform a trial run with no changes
# Backup examples
rsync -avz --delete --backup --backup-dir=../backup_$(date +%Y%m%d) /source/ /dest/
rsync -avz --link-dest=/previous_backup /source/ /current_backup/
# Remote sync with SSH
rsync -avz -e "ssh -p 2222" /local/ user@hostname:/remote/
rsync -avz -e "ssh -i ~/.ssh/key.pem" /local/ user@hostname:/remote/
# Bandwidth limiting (useful during business hours)
rsync -avz --bwlimit=1000 /local/ user@hostname:/remote/ # 1000 KB/s limit
# Partial transfers with resume capability
rsync -avz --partial /largefile user@hostname:/remote/
rsync -avz --partial-dir=.rsync-partial /largefile user@hostname:/remote/
# Exclude patterns
rsync -avz --exclude='*.tmp' --exclude='temp/' /source/ user@hostname:/dest/
rsync -avz --exclude-from=exclude_list.txt /source/ user@hostname:/dest/
# One-way mirror (destination becomes exact copy)
rsync -avz --delete --delete-excluded /source/ user@hostname:/dest/
# Backup verification
rsync -avz --checksum /source/ user@hostname:/dest/ # Compare file contents, not just size/time
# Network optimization
rsync -avz --compress-level=3 /source/ user@hostname:/dest/ # Lower CPU, faster network
rsync -avz --skip-compress=gz/jpg/mp4 /source/ user@hostname:/dest/ # Don't compress already compressed filesDecision flowchart for choosing the right file transfer tool
4. SSH Tunnels & Port Forwarding
Local Port Forwarding (Access Remote Services)
# Basic local port forwarding
ssh -L 8080:localhost:80 user@webserver # Forward remote port 80 to local 8080
ssh -L 3306:dbserver:3306 user@bastion # Forward through bastion
# Multiple port forwards
ssh -L 8080:localhost:80 -L 3306:localhost:3306 user@server
ssh -L 5432:db.internal:5432 -L 6379:redis.internal:6379 user@bastion
# Dynamic SOCKS proxy
ssh -D 1080 user@server # Create SOCKS5 proxy on port 1080
ssh -D 127.0.0.1:1080 user@server # Bind to specific interface
# Remote port forwarding (expose local services)
ssh -R 8080:localhost:80 user@remoteserver # Expose local port 80 to remote
ssh -R 0.0.0.0:8080:localhost:80 user@server # Bind to all interfaces on remote
# Gateway ports (allow remote connections to forwarded port)
ssh -R 8080:localhost:80 -g user@server # -g allows remote connections
# Tunnel configuration in ~/.ssh/config
Host tunnel
HostName server.example.com
LocalForward 8080 localhost:80
LocalForward 3306 localhost:3306
DynamicForward 1080
Practical Tunnel Examples
1 Access internal web application
# Web app running on port 3000 on internal server
ssh -L 3000:localhost:3000 user@internal-server
# Now access http://localhost:3000 in browser2 Database access through bastion
# PostgreSQL on internal network (10.0.1.20:5432)
ssh -L 5432:10.0.1.20:5432 user@bastion
# Connect with: psql -h localhost -p 5432 -U dbuser3 Browser through SOCKS proxy
# Create proxy to access internal web resources
ssh -D 1080 -C user@bastion
# Configure browser to use SOCKS5 proxy localhost:10804 Expose local development server
# Show local work to colleague
ssh -R 8080:localhost:3000 colleague@their-server
# Colleague accesses http://their-server:80805. Session Management & Productivity
tmux - Terminal Multiplexer
tmrc - Remote Session Management
# Starting and managing tmux sessions
tmux new -s mysession # Create new session named 'mysession'
tmux attach -t mysession # Attach to existing session
tmux ls # List all sessions
tmux kill-session -t mysession # Kill specific session
tmux rename-session -t oldname newname # Rename session
# Essential tmux shortcuts (prefix: Ctrl+b)
# Ctrl+b % : Split pane vertically
# Ctrl+b " : Split pane horizontally
# Ctrl+b arrow : Switch between panes
# Ctrl+b x : Close current pane
# Ctrl+b d : Detach from session
# Ctrl+b s : Switch between sessions
# Ctrl+b [ : Enter copy mode (scroll)
# Ctrl+b ] : Paste from buffer
# Ctrl+b z : Zoom current pane
# Ctrl+b Ctrl+arrow : Resize pane
# Configuration (~/.tmux.conf)
set -g default-terminal "screen-256color"
set -g base-index 1 # Start window numbering at 1
setw -g pane-base-index 1 # Start pane numbering at 1
set -g mouse on # Enable mouse support
set -g history-limit 10000 # Increase scrollback buffer
# Status bar customization
set -g status-interval 1
set -g status-justify centre
set -g status-left-length 40
set -g status-right-length 140
set -g status-left "#[fg=green]#S #[fg=white]|"
set -g status-right "#[fg=cyan]#(date '+%Y-%m-%d %H:%M') | #{cpu_percentage} | #{ram_percentage}"
# Key bindings
bind r source-file ~/.tmux.conf \; display "Reloaded config"
bind | split-window -h
bind - split-window -v
bind h select-pane -L
bind j select-pane -D
bind k select-pane -U
bind l select-pane -R
# Session scripts for common tasks
# ~/scripts/tmux-dev.sh
#!/bin/bash
tmux new-session -d -s dev -n editor
tmux send-keys -t dev:editor "vim" C-m
tmux new-window -t dev -n shell
tmux split-window -h -t dev:shell
tmux new-window -t dev -n logs
tmux send-keys -t dev:logs "tail -f /var/log/app.log" C-m
tmux select-window -t dev:editor
tmux attach -t devscreen - Alternative Multiplexer
# Basic screen commands
screen -S sessionname # Start new named session
screen -r sessionname # Reattach to session
screen -ls # List sessions
screen -X -S sessionname quit # Kill session
# Common screen shortcuts (prefix: Ctrl+a)
# Ctrl+a c : Create new window
# Ctrl+a n : Next window
# Ctrl+a p : Previous window
# Ctrl+a " : List windows
# Ctrl+a 0-9 : Switch to window 0-9
# Ctrl+a A : Rename window
# Ctrl+a d : Detach from session
# Ctrl+a k : Kill current window
# Ctrl+a [ : Enter copy mode
# Ctrl+a ] : Paste from buffer
# Ctrl+a S : Split horizontally
# Ctrl+a | : Split vertically
# Ctrl+a Tab : Switch between panes
# Configuration (~/.screenrc)
shell -$SHELL
defscrollback 5000
startup_message off
caption always "%{= kw}%-w%{= BW}%50>%n %t%{-}%+w%<"
hardstatus alwayslastline "%{= kW} %-Lw%{= BW}%50> [%n %t] %{-}%+Lw%< %{= kG} %D %d/%m %c"6. Monitoring & Troubleshooting Remote Systems
Real-time Monitoring Commands
# System performance monitoring
ssh user@server "top -b -n 1" | head -20 # One-shot top output
ssh user@server "htop" # Interactive htop (if installed)
ssh user@server "vmstat 1 10" # Virtual memory stats
ssh user@server "iostat -x 1 5" # Disk I/O statistics
# Disk space monitoring
ssh user@server "df -h" # Disk free space
ssh user@server "du -sh /var/* | sort -hr" # Directory sizes
ssh user@server "lsblk" # Block device information
# Network monitoring
ssh user@server "ss -tulpn" # Socket statistics
ssh user@server "netstat -tulpn" # Network connections
ssh user@server "iftop" # Network bandwidth usage
ssh user@server "nload" # Network load monitor
# Process monitoring
ssh user@server "ps aux --sort=-%cpu | head -10" # Top CPU processes
ssh user@server "ps aux --sort=-%mem | head -10" # Top memory processes
ssh user@server "pstree -ap" # Process tree
# Log monitoring
ssh user@server "tail -f /var/log/syslog" # Follow system log
ssh user@server "journalctl -f" # Follow journal (systemd)
ssh user@server "dmesg -w" # Watch kernel messages
# Service status
ssh user@server "systemctl list-units --type=service --state=running"
ssh user@server "systemctl --failed" # Failed services
ssh user@server "service --status-all" # All service status (SysV)
Automated Monitoring Script
#!/bin/bash
# remote-monitor.sh - Monitor multiple remote servers
set -euo pipefail
# Configuration
SERVERS=(
"user@web1.example.com"
"user@web2.example.com"
"user@db.example.com"
"user@cache.example.com"
)
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Functions
check_disk() {
local server="$1"
local threshold="$2"
echo -e "${BLUE}Checking disk space on $server...${NC}"
ssh "$server" "df -h / /var /home 2>/dev/null || df -h" | \
awk -v threshold="$threshold" '
NR==1 {print}
NR>1 && $5+0 > threshold {printf "\033[1;31m%s\033[0m\n", $0; next}
{print}
'
echo
}
check_memory() {
local server="$1"
echo -e "${BLUE}Checking memory on $server...${NC}"
ssh "$server" "free -h"
echo
}
check_load() {
local server="$1"
echo -e "${BLUE}Checking load average on $server...${NC}"
ssh "$server" "uptime"
echo
}
check_services() {
local server="$1"
local services="$2"
echo -e "${BLUE}Checking services on $server...${NC}"
for service in $services; do
if ssh "$server" "systemctl is-active --quiet $service 2>/dev/null"; then
echo -e " ${GREEN}✓${NC} $service"
else
echo -e " ${RED}✗${NC} $service"
fi
done
echo
}
check_ports() {
local server="$1"
local ports="$2"
echo -e "${BLUE}Checking ports on $server...${NC}"
for port in $ports; do
if ssh "$server" "nc -z localhost $port 2>/dev/null"; then
echo -e " ${GREEN}✓${NC} Port $port"
else
echo -e " ${RED}✗${NC} Port $port"
fi
done
echo
}
# Main monitoring loop
echo -e "${YELLOW}=== Remote Server Monitoring Report ===${NC}\n"
echo "Generated: $(date)"
echo "========================================"
for server in "${SERVERS[@]}"; do
echo -e "\n${YELLOW}🔍 Monitoring: $server${NC}"
echo "========================================"
# Check connectivity first
if ! ssh -o ConnectTimeout=5 "$server" "echo 'Connected'" &>/dev/null; then
echo -e "${RED}❌ Cannot connect to $server${NC}"
continue
fi
# Run checks
check_disk "$server" 80
check_memory "$server"
check_load "$server"
check_services "$server" "nginx mysql sshd"
check_ports "$server" "22 80 443 3306"
echo "========================================"
done
echo -e "\n${GREEN}✅ Monitoring complete${NC}"7. Security & Best Practices
Remote Server Security Best Practices:
1. Use key-based authentication: Disable password authentication entirely
2. Implement firewall rules: Allow SSH only from trusted IPs:
3. Change default SSH port: Reduce automated attack surface (but security through obscurity)
4. Use fail2ban: Automatically block IPs after failed attempts
5. Regular updates: Keep SSH server and client updated:
6. Disable root login: Use
7. Limit user access: Use
8. Use strong ciphers: Configure
9. Monitor auth logs: Regularly check
10. Use VPN for sensitive systems: Place critical servers behind VPN, not public internet
1. Use key-based authentication: Disable password authentication entirely
2. Implement firewall rules: Allow SSH only from trusted IPs:
ufw allow from 192.168.1.0/24 to any port 223. Change default SSH port: Reduce automated attack surface (but security through obscurity)
4. Use fail2ban: Automatically block IPs after failed attempts
5. Regular updates: Keep SSH server and client updated:
apt update && apt upgrade openssh-server6. Disable root login: Use
PermitRootLogin no in sshd_config7. Limit user access: Use
AllowUsers or AllowGroups8. Use strong ciphers: Configure
Ciphers and MACs in sshd_config9. Monitor auth logs: Regularly check
/var/log/auth.log or /var/log/secure10. Use VPN for sensitive systems: Place critical servers behind VPN, not public internet
SSH Hardening Configuration
/etc/ssh/sshd_config - Security Hardened
# SSH Server Hardening Configuration
# Basic settings
Port 2222 # Change from default 22
Protocol 2 # Only SSH protocol 2
ListenAddress 0.0.0.0 # Or specific IP
# Authentication
PubkeyAuthentication yes
PasswordAuthentication no # Disable password auth
ChallengeResponseAuthentication no
UsePAM no
PermitEmptyPasswords no
# Login restrictions
PermitRootLogin no # Disable root login
MaxAuthTries 3 # Limit authentication attempts
MaxSessions 10 # Limit concurrent sessions
LoginGraceTime 60 # Disconnect if no login in 60s
ClientAliveInterval 300 # Send keepalive every 5 minutes
ClientAliveCountMax 2 # Max 2 missed keepalives
# User restrictions
AllowUsers alice bob charlie # Only specific users
AllowGroups ssh-users # Only specific groups
DenyUsers root admin # Explicitly deny users
DenyGroups bad-group
# Cryptographic settings
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
# Security features
StrictModes yes # Check file permissions
UsePrivilegeSeparation yes
Compression no # Disable compression (CRIME attack)
X11Forwarding no # Disable X11 forwarding
AllowTcpForwarding no # Disable port forwarding (unless needed)
AllowAgentForwarding no # Disable agent forwarding
PermitTunnel no
PrintMotd no # Disable message of the day
PrintLastLog yes # Show last login info
TCPKeepAlive no # Let SSH handle keepalives
# Logging
SyslogFacility AUTH
LogLevel VERBOSE # Or INFO for less verbose
# Match blocks for specific users/hosts
Match User backup
AllowTcpForwarding yes # Allow forwarding for backup user
PermitTTY no # No TTY for backup user
Match Address 192.168.1.0/24
PasswordAuthentication yes # Allow passwords from internal network8. Automation & Scripting
Bulk Server Operations
#!/bin/bash
# bulk-operations.sh - Execute commands on multiple servers
set -euo pipefail
# Server list (can also read from file)
SERVERS=(
"user@web1.example.com"
"user@web2.example.com"
"user@db1.example.com"
"user@db2.example.com"
"user@cache.example.com"
)
# Colors
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Function to execute command on server
run_on_server() {
local server="$1"
local command="$2"
echo -e "${YELLOW}➜${NC} Executing on ${GREEN}$server${NC}:"
echo -e " ${YELLOW}Command:${NC} $command"
if ssh -o ConnectTimeout=10 -o BatchMode=yes "$server" "$command"; then
echo -e " ${GREEN}✓ Success${NC}\n"
return 0
else
echo -e " ${RED}✗ Failed${NC}\n"
return 1
fi
}
# Function to distribute file
distribute_file() {
local local_file="$1"
local remote_path="$2"
for server in "${SERVERS[@]}"; do
echo -e "${YELLOW}➜${NC} Distributing to ${GREEN}$server${NC}"
if scp "$local_file" "$server:$remote_path"; then
echo -e " ${GREEN}✓ File copied${NC}\n"
else
echo -e " ${RED}✗ Failed to copy${NC}\n"
fi
done
}
# Example operations
case "${1:-}" in
update)
echo "Updating packages on all servers..."
for server in "${SERVERS[@]}"; do
run_on_server "$server" "sudo apt update && sudo apt upgrade -y"
done
;;
restart-service)
service="${2:?Service name required}"
echo "Restarting $service on all servers..."
for server in "${SERVERS[@]}"; do
run_on_server "$server" "sudo systemctl restart $service"
done
;;
disk-check)
echo "Checking disk space on all servers..."
for server in "${SERVERS[@]}"; do
run_on_server "$server" "df -h"
done
;;
deploy)
file="${2:?File required}"
path="${3:-/tmp/}"
echo "Deploying $file to $path on all servers..."
distribute_file "$file" "$path"
;;
custom)
command="${2:?Command required}"
echo "Executing custom command on all servers..."
for server in "${SERVERS[@]}"; do
run_on_server "$server" "$command"
done
;;
*)
echo "Usage: $0 {update|restart-service|disk-check|deploy|custom}"
echo "Examples:"
echo " $0 update"
echo " $0 restart-service nginx"
echo " $0 deploy script.sh /usr/local/bin/"
echo " $0 custom 'ls -la /var/log'"
exit 1
;;
esac
echo -e "${GREEN}✅ All operations completed${NC}"Ansible for Remote Management
# ansible/remote-management.yml
- name: Manage remote servers
hosts: all
become: yes
vars:
ssh_users:
- name: alice
keys:
- "ssh-ed25519 AAA... alice@laptop"
- name: bob
keys:
- "ssh-ed25519 AAA... bob@desktop"
packages:
- htop
- tmux
- ncdu
- fail2ban
tasks:
- name: Update package cache
apt:
update_cache: yes
cache_valid_time: 3600
- name: Install essential packages
apt:
name: "{{ packages }}"
state: present
- name: Configure SSH hardening
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: '0644'
notify: restart sshd
- name: Configure fail2ban
copy:
dest: /etc/fail2ban/jail.local
content: |
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
notify: restart fail2ban
- name: Create SSH users
user:
name: "{{ item.name }}"
groups: sudo
shell: /bin/bash
create_home: yes
state: present
loop: "{{ ssh_users }}"
- name: Deploy SSH keys
authorized_key:
user: "{{ item.name }}"
key: "{{ item.keys | first }}"
state: present
exclusive: yes
loop: "{{ ssh_users }}"
- name: Set up monitoring
copy:
dest: /usr/local/bin/server-monitor
content: |
#!/bin/bash
echo "=== System Status ==="
uptime
echo ""
echo "=== Memory ==="
free -h
echo ""
echo "=== Disk ==="
df -h
mode: '0755'
- name: Schedule daily health check
cron:
name: "Daily health check"
minute: "0"
hour: "6"
job: "/usr/local/bin/server-monitor | mail -s 'Daily Health Check' admin@example.com"
handlers:
- name: restart sshd
service:
name: sshd
state: restarted
- name: restart fail2ban
service:
name: fail2ban
state: restartedMaster Remote Server Management
Remote server administration is a critical skill for modern system administrators and DevOps engineers. By mastering SSH, file transfer tools, tunneling, session management, and automation techniques, you can efficiently manage servers anywhere in the world.
Remember: Always prioritize security when managing remote systems. Use key-based authentication, implement proper firewall rules, and regularly update your systems. Develop standardized procedures and automate repetitive tasks to improve reliability and reduce human error.
Next Steps: Practice these techniques in a lab environment. Set up a personal bastion host and private network. Create comprehensive SSH config files for your servers. Develop monitoring scripts for your infrastructure. As you gain experience, you'll be able to manage complex distributed systems with confidence and efficiency.