DEV Community

sai kiran jv


Lesson 2: Killing Port 22 - How to Securely Manage Linux in the Cloud

🚀 The Challenge
Most beginners open Port 22 to the entire world so they can SSH into their servers. This is a massive mistake. In minutes, bots will start brute-forcing your server. Today, I built a server with zero inbound ports.

🛠️ The Solution: AWS Systems Manager (SSM)
Instead of using an SSH key (which is a file that can be leaked), I used IAM Roles.

  1. I gave my EC2 instance an IAM role with the AmazonSSMManagedInstanceCore managed policy attached.
  2. I closed all inbound firewall rules.
  3. I connected via the AWS browser console.

🐧 Hardening the OS
Once inside, I didn't just leave it "stock." I performed three critical hardening steps:

  • Patch Management: Upgraded all packages to the latest security versions.
  • Audit: Used ss -tulpn to verify that no hidden services were listening.
  • Persistence: Enabled dnf-automatic so the server self-patches security updates daily.