https://ygramitzky.de/tags/devops/Recent content in DevOps on Yanis Gramitzky - Infrastructure & AutomationHugo -- gohugo.ioenThu, 19 Mar 2026 09:00:00 +0100https://ygramitzky.de/posts/docker/docker_compose/Thu, 19 Mar 2026 09:00:00 +0100https://ygramitzky.de/posts/docker/docker_compose/<h2 id="what-is-docker-compose">What Is Docker Compose?</h2> <p>Docker Compose is a tool for defining and running <strong>multi-container applications</strong>. Instead of typing long <code>docker run</code> commands with dozens of flags, you describe your entire stack — services, networks, volumes, secrets — in a single YAML file. One command (<code>docker compose up</code>) brings everything to life.</p> <p>Compose is the standard way to run local development environments, CI pipelines, and even lightweight production workloads. Understanding its full vocabulary gives you precise control over how your containers behave.</p>https://ygramitzky.de/posts/ssh-hardening/Thu, 19 Mar 2026 08:00:00 +0100https://ygramitzky.de/posts/ssh-hardening/<h2 id="why-harden-ssh">Why Harden SSH?</h2> <p>SSH (Secure Shell) is the backbone of remote server administration. It encrypts traffic and provides authenticated access — but out of the box, most SSH daemons ship with settings optimized for compatibility, not security.</p> <p>A default SSH setup is vulnerable to:</p> <ul> <li><strong>Brute-force and credential stuffing attacks</strong> — automated bots hammer port 22 around the clock</li> <li><strong>Weak cipher suites</strong> — legacy algorithms like MD5 and arcfour can be exploited</li> <li><strong>Root login exposure</strong> — a compromised root session means total system takeover</li> <li><strong>Password-based auth</strong> — passwords can be guessed, leaked, or phished</li> <li><strong>Idle session hijacking</strong> — abandoned sessions left open are an open door</li> </ul> <p>Hardening SSH is one of the highest-ROI security measures you can take. It reduces your attack surface dramatically with minimal operational overhead.</p>