πŸ” Day 7 of #150DaysOfDevOps – SSH, SCP & IPTables Explained with Real Scenarios

Vignesh MVignesh M
5 min read

Welcome to Day 7 of the #150DaysOfDevOps challenge. Today we’re going beyond the commands to understand the why behind secure connections and traffic filtering using SSH, SCP, and IPTables.

πŸ” What is SSH and Why Should You Use It?

SSH (Secure Shell) is the most common method to securely connect to remote Linux servers.

βœ… Real-World Scenario:

You're a DevOps engineer managing servers across AWS, Azure, and on-prem. You use SSH daily to:

  • Configure environments

  • Restart services

  • Pull logs and deploy code

πŸ”§ Basic SSH Commands:

  • Login to remote server:

      ssh user@hostname_or_ip

    Use this when you need terminal access to a remote server.

  • Alternate syntax using -l (login):

      ssh -l user hostname_or_ip

πŸ” Passwordless Authentication

Instead of typing passwords each time, use key-pair authentication.

Why?

  • Increases security

  • Ideal for automation (e.g., scripts, CI/CD)

  • Generate key pair (on client):

      ssh-keygen -t rsa

    Saves keys in ~/.ssh/id_rsa (private) and id_rsa.pub (public)

  • Copy public key to server:

      ssh-copy-id user@remote-host

  • Login without password:

      ssh remote-host

  • Check key setup on server:

      cat ~/.ssh/authorized_keys

πŸ“¦ What is SCP and Why Should You Use It?

SCP (Secure Copy Protocol) lets you copy files/directories between systems over SSH.

βœ… Real-World Scenario:

You finished generating a .tar.gz backup file on your laptop. Now, you need to copy it to the remote production server securely.

🧰 SCP Commands:

  • Copy a single file:

      scp /path/file user@host:/target/dir

    Use when transferring config files, logs, or backups.

  • Copy directory recursively:

      scp -pr /source/dir user@host:/target/dir

  • Common mistake – copying to restricted folder:

      scp file user@host:/root   # Permission denied without sudo

Remember, you need write permissions on the target directory.

🧱 IPTables – What, Why & When?

IPTables is a Linux firewall tool used to allow or block traffic using configurable rules.

βœ… Real-World Scenario:

Meet Kiran, a DevOps engineer. She notices too many failed SSH login attempts in logs. Instead of panicking, she opens her terminal and writes some iptables rules to block untrusted IPs and only allow from her office network.

πŸ”§ Installing IPTables:

sudo apt install iptables

πŸ“„ List Rules:

sudo iptables -L

Use this to audit your current firewall setup.

βœ… Allow Specific IP & Ports

sudo iptables -A INPUT -p tcp -s 172.16.238.187 --dport 22 -j ACCEPT

Allow SSH access only from your office IP.

sudo iptables -A INPUT -p tcp -s 172.16.238.187 --dport 80 -j ACCEPT

Allow HTTP traffic from that IP.

🚫 Block All Incoming Traffic:

sudo iptables -A INPUT -j DROP

Default deny. Block all other unwanted traffic.

❓ DROP vs REJECT

  • DROP: Silently drops the request.

  • REJECT: Informs the source it was rejected.

πŸ” Block Outgoing Traffic (e.g., malware prevention)

sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP

Block access to HTTP (non-secure browsing).

βœ… Allow Only Secure HTTPS to Google

sudo iptables -I OUTPUT -p tcp -d google.com --dport 443 -j ACCEPT

🧹 Clean Up Rules (Using Line Number)

  • View rule numbers:

      sudo iptables -L --line-numbers

  • Delete specific rule:

      sudo iptables -D INPUT 3

βš™οΈ Advanced Use-Cases

  • Allow multiple ports:

      iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT

  • Block ping requests (ICMP):

      iptables -A INPUT -p icmp -i eth0 -j DROP

  • Block a specific MAC address:

      iptables -A INPUT -m mac --mac-source 0e:Ds:8n:mq:00:de -j DROP

⏲️ Cron Jobs in Linux

Cron is a time-based job scheduler in Unix-like systems. It lets you schedule scripts or commands to run automatically at set intervals.

βœ… Why Use Cron?

  • Schedule backups every night

  • Run cleanup scripts every hour

  • Restart services at reboot

🧠 How It Works

  • The schedule is defined in a crontab file.

  • Use crontab -e to edit the schedule.

🧾 Crontab Syntax:

* * * * * command-to-execute
- - - - -
| | | | |
| | | | +----- Day of the week (0 - 7) (Sunday = 0 or 7)
| | | +------- Month (1 - 12)
| | +--------- Day of month (1 - 31)
| +----------- Hour (0 - 23)
+------------- Minute (0 - 59)

πŸ”– Special Strings:

  • @reboot – Run once at startup

  • @daily – Run once a day

  • @weekly, @monthly, @yearly – Self-explanatory

πŸ§ͺ Examples:

  • Every 30 minutes:

      */30 * * * * /path/to/script.sh

  • Every hour:

      0 * * * * /path/to/another_script.sh

  • Every Sunday at midnight:

      0 0 * * 0 /path/to/weekly_report.sh

  • Monthly job:

      0 0 15 * * /path/to/midmonth.sh

  • Yearly:

      0 0 1 1 * /path/to/newyear.sh

πŸ“Œ Final Thoughts

  • SSH gives secure terminal access.

  • SCP transfers data across systems securely.

  • IPTables protects your system from unauthorized traffic.

  • Cron helps automate tasks at the OS level, making systems smarter and more efficient.

πŸ§ͺ Practice tip: Combine all of these to build a full DevOps automation pipeline from access β†’ file transfer β†’ firewall β†’ scheduling.

#DevOps #SSH #SCP #LinuxFirewall #LinuxSecurity #150DaysOfDevOps #SystemAdmin #iptables #CloudEngineer #CronJobs

0
Subscribe to my newsletter

Read articles from Vignesh M directly inside your inbox. Subscribe to the newsletter, and don't miss out.

DevopsLinuxsshscpiptablescronjobautomation

Written by

Vignesh M
Vignesh M

πŸ› οΈ DevOps Engineer in Progress | πŸš€ Documenting my #150DaysOfDevOps journey | πŸ’‘ Passionate about Linux, Cloud & Automation | 🌐 Sharing what I learn every day