Configuring Server Login Protection
You can configure common login locations, common login IP addresses, and an SSH login IP address whitelist.
Configuring Common Login Locations
After you configure common login locations, HSS will generate alarms on the logins from other login locations. A server can be added to multiple login locations.
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- Choose Installation & Configuration > Server Install & Config and click the Security Configuration tab. Click Common Login Locations and click Add Common Login Location.
- In the dialog box that is displayed, select a geographical location and select servers. Confirm the information and click OK.
Figure 1 Configuring common login locations
- Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added locations are displayed on the Common Login Locations subtab.
HSS has a learning process for remote login alarms. Therefore, after common login locations are added, the first three login locations are regarded as common login locations, and alarms are generated only for the fourth and subsequent non-common login locations.
Configuring Common Login IP Addresses
After you configure common IP addresses, HSS will generate alarms on the logins from other IP addresses.
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- Choose Installation & Configuration > Server Install & Config and click the Security Configuration tab. Click Common Login IP Addresses and click Add Common Login IP Address.
- In the dialog box that is displayed, enter an IP address and select servers. Confirm the information and click OK.
- A common login IP address must be a public IP address or IP address segment.
- Only one IP address can be added at a time. To add multiple IP addresses, repeat the operations until all IP addresses are added. Up to 20 IP addresses can be added.
Figure 2 Entering a common login IP address
- Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added locations are displayed on the Common Login IP Addresses subtab.
Configuring an SSH Login IP Address Whitelist
The SSH login whitelist controls SSH access to servers to prevent account cracking.
- An account can have up to 10 SSH login IP addresses in the whitelist.
- After you configure an SSH login IP address whitelist, SSH logins will be allowed only from whitelisted IP addresses.
- Before enabling this function, ensure that all IP addresses that need to initiate SSH logins are added to the whitelist. Otherwise, you cannot remotely log in to your server using SSH.
If your service needs to access a server, but not necessarily via SSH, you do not need to add its IP address to the whitelist.
- Exercise caution when adding an IP address to the whitelist. This will make HSS no longer restrict access from this IP address to your servers.
- Before enabling this function, ensure that all IP addresses that need to initiate SSH logins are added to the whitelist. Otherwise, you cannot remotely log in to your server using SSH.
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- Choose Installation & Configuration > Server Install & Config and click the Security Configuration tab. Click SSH IP Whitelist and click Add IP Address.
- In the dialog box that is displayed, enter an IP address and select servers. Confirm the information and click OK.
- A common login IP address must be a public IP address or IP address segment. Otherwise, you cannot remotely log in to the server in SSH mode.
- Only one IP address can be added at a time. To add multiple IP addresses, repeat the operations until all IP addresses are added.
Figure 3 Entering an IP address
- Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added locations are displayed on the Common Login IP Addresses subtab.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot