Updated on 2024-01-16 GMT+08:00

Configuring Server Login Protection

You can configure common login locations, common login IP addresses, and an SSH login IP address whitelist.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.

Configuring Common Login Locations

After you configure common login locations, HSS will generate alarms on the logins from other login locations. A server can be added to multiple login locations.

  1. Choose Installation & Configuration and click the Security Configuration tab. Click Common Login Locations and click Add Common Login Location.
  2. In the dialog box that is displayed, select a geographical location and select servers. Confirm the information and click OK.

    Figure 1 Configuring common login locations

  3. Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added locations are displayed on the Common Login Locations subtab.

Configuring Common Login IP Addresses

After you configure common IP addresses, HSS will generate alarms on the logins from other IP addresses.

  1. Choose Installation & Configuration and click the Security Configuration tab. Click Common Login IP Addresses and click Add Common Login IP Address.
  1. In the dialog box that is displayed, enter an IP address and select servers. Confirm the information and click OK.

    • A common login IP address must be a public IP address or IP address segment. Otherwise, you cannot remotely log in to the server in SSH mode.
    • Only one IP address can be added at a time. To add multiple IP addresses, repeat the operations until all IP addresses are added. Up to 20 IP addresses can be added.
    Figure 2 Entering a common login IP address

  2. Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added locations are displayed on the Common Login IP Addresses subtab.

Configuring an SSH Login IP Address Whitelist

The SSH login whitelist controls SSH access to servers to prevent account cracking.

  • An account can have up to 10 SSH login IP addresses in the whitelist.
  • After you configure an SSH login IP address whitelist, SSH logins will be allowed only from whitelisted IP addresses.
    • Before enabling this function, ensure that all IP addresses that need to initiate SSH logins are added to the whitelist. Otherwise, you cannot remotely log in to your server using SSH.

      If your service needs to access a server, but not necessarily via SSH, you do not need to add its IP address to the whitelist.

    • Exercise caution when adding an IP address to the whitelist. This will make HSS no longer restrict access from this IP address to your servers.
  1. Choose Installation & Configuration and click the Security Configuration tab. Click SSH IP Whitelist and click Add IP Address.
  1. In the dialog box that is displayed, enter an IP address and select servers. Confirm the information and click OK.

    • A common login IP address must be a public IP address or IP address segment. Otherwise, you cannot remotely log in to the server in SSH mode.
    • Only one IP address can be added at a time. To add multiple IP addresses, repeat the operations until all IP addresses are added.
    Figure 3 Entering an IP address

  2. Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added locations are displayed on the Common Login IP Addresses subtab.