The CentralHost blog — practical articles on Linux server operations, security and fleet management.https://www.centralhost.sh/enhttps://www.centralhost.sh/blog/close-port-22-without-locking-yourself-out/https://www.centralhost.sh/blog/close-port-22-without-locking-yourself-out/Closing SSH to the world is the easy part. The reason people don't is fear of being locked out. Here's how to keep two ways in — everyday and emergency — and only then shut the door, using CentralHost's own firewall and bastion.Sat, 13 Jun 2026 00:00:00 GMTsecuritysshlinuxhttps://www.centralhost.sh/blog/external-support-without-sharing-credentials/https://www.centralhost.sh/blog/external-support-without-sharing-credentials/A ticket lands where the only fix lives on the box — and the person who can fix it doesn't work for you. Sharing root or spinning up a temp SSH user are both bets you'll regret. CentralHost issues a one-time, time-boxed, audited terminal instead: the guest operates the server without ever holding a credential to it.Fri, 12 Jun 2026 00:00:00 GMTsecuritysshsupporthttps://www.centralhost.sh/blog/ssh-doesnt-remember-what-you-did/https://www.centralhost.sh/blog/ssh-doesnt-remember-what-you-did/A shell session is gone the moment you close it — no record of the commands, the output, or the order. This is why CentralHost records every operator terminal: not to watch anyone, but because a record beats your memory at 2am two weeks later.Fri, 12 Jun 2026 00:00:00 GMTsecuritysshaudithttps://www.centralhost.sh/blog/what-you-changed-on-a-clients-server/https://www.centralhost.sh/blog/what-you-changed-on-a-clients-server/You have root on machines you don't own. Sooner or later a client asks what your team did in there — and "trust me" is not an answer. The difference between a defensive conversation and a five-second one is whether the work was recorded.Fri, 12 Jun 2026 00:00:00 GMTsecuritysshaudithttps://www.centralhost.sh/blog/client-says-email-lands-in-spam/https://www.centralhost.sh/blog/client-says-email-lands-in-spam/"My mail goes to spam" isn't something you can act on — until you turn it into two yes/no questions. The manual path through CentralHost's deliverability checks: is the IP blocklisted, and do SPF/DKIM/DMARC actually resolve?Thu, 11 Jun 2026 00:00:00 GMTemaildeliverabilitytroubleshootinghttps://www.centralhost.sh/blog/find-the-cause-of-a-50x-error-with-ai/https://www.centralhost.sh/blog/find-the-cause-of-a-50x-error-with-ai/Across a fleet, the slow part of a 5xx outage isn't the fix — it's the triage. A walkthrough: find the host with one search, then let the AI Assistant trace the root cause.Thu, 11 Jun 2026 00:00:00 GMTaitroubleshootingfleethttps://www.centralhost.sh/blog/mail-queue-spike-compromised-mailbox/https://www.centralhost.sh/blog/mail-queue-spike-compromised-mailbox/A queue that grows on its own is rarely a mail-server problem — it's a compromised account. How CentralHost names the culprit mailbox, stops the bleed, and resets it behind an approval gate.Thu, 11 Jun 2026 00:00:00 GMTaiemailsecurityhttps://www.centralhost.sh/blog/stop-exposing-port-22/https://www.centralhost.sh/blog/stop-exposing-port-22/Hardening sshd is not the same as removing it from the attack surface. Three levels, from key-only auth to closing the port entirely.Sat, 06 Jun 2026 00:00:00 GMTsecuritysshlinux