Configuring Server Login Protection
You can configure common login locations, common login IP addresses, and an SSH login IP address whitelist.
Configuring Common Login Locations
A common login location is a geographical location where a user usually uses an account to log in.
HSS continuously monitors the logins of all server accounts, dynamically identifies and adds common login locations, and generates remote login alarms for uncommon login locations. Up to four common login locations can be dynamically added for each server.
After HSS protection is enabled, no alarms will be generated for the location where a user performs the first login. Common login locations include:
- Locations where more than 10 logins occurred.
- Locations where two logins occurred during four consecutive logins.
You can add up to 10 common login locations. HSS will not generate alarms for the logins from these locations.
To view dynamic common login locations and manually add common login locations, perform the following steps:
- Log in to the HSS console.
- Click the icon in the upper left corner and select a region or project.
- Choose Installation & Configuration > Server Install & Config and click the Security Configuration tab. Click Common Login Locations and click Add Common Login Location.
- Click View Dynamic Common Login Locations to view the common login locations dynamically identified and added by HSS.
- Click Add Common Login Location and manually add locations.
- In the dialog box that is displayed, select a geographical location and select servers. Confirm the information and click OK.
Figure 1 Configuring common login locations
- Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added locations are displayed on the Common Login Locations subtab.
Configuring Common Login IP Addresses
After you configure common login IP addresses, HSS will generate alarms for logins from other IP addresses.
- Log in to the HSS console.
- Click the icon in the upper left corner and select a region or project.
- Choose Installation & Configuration > Server Install & Config and click the Security Configuration tab. Click Common Login IP Addresses and click Add Common Login IP Address.
- In the dialog box that is displayed, enter a common login IP address and select servers. Confirm the information and click OK. For more information, see Table 1.
Figure 2 Entering a common login IP address
Table 1 Parameters for adding a common login IP address
Parameter: Common login IP address
Description: Enter an IP address or CIDR block. The requirements are as follows:
- You can add only one IP address or CIDR block at a time. To add multiple values, repeat the operation.
- You can add a maximum of 20 login IP addresses.
Parameter: Servers where the common login IP address configuration takes effect
Description: Select the servers where you wish to apply the common login IP addresses. You can select multiple servers at a time.
- Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added IP addresses are displayed on the Common Login IP Addresses subtab.
Configuring an SSH Login IP Address Whitelist
The SSH login whitelist controls SSH access to servers to prevent account cracking.
- An account can have up to 10 SSH login IP addresses in the whitelist.
- After you configure an SSH login IP address whitelist, SSH logins will be allowed only from the whitelisted IP addresses.
- Before enabling this function, ensure that all IP addresses that need to initiate SSH logins are added to the whitelist. Otherwise, you cannot remotely log in to your server using SSH.
If your service needs to access a server, but not necessarily via SSH, you do not need to add its IP address to the whitelist.
- Exercise caution when adding an IP address to the whitelist. This will make HSS no longer restrict access from this IP address to your servers.
- Log in to the HSS console.
- Click the icon in the upper left corner and select a region or project.
- Choose Installation & Configuration > Server Install & Config and click the Security Configuration tab. Click SSH IP Whitelist and click Add IP Address.
- In the dialog box that is displayed, enter a whitelisted login IP address and select servers. Confirm the information and click OK. For more information, see Table 2.
Figure 3 Entering an IP address
Table 2 Parameters for adding an SSH login IP address whitelist
Parameter: Whitelisted IP address
Description: Enter an IP address or CIDR block. The requirements are as follows:
- You can add only one IP address or CIDR block at a time. To add multiple values, repeat the operation.
- You can add up to 10 IP addresses to the whitelist.
Parameter: Servers where the SSH login IP address whitelist configuration takes effect
Description: Select the servers where you wish to apply the whitelisted SSH login IP addresses. You can select multiple servers at a time.
- Return to the Security Configuration tab of the Installation & Configuration page. Check whether the added IP addresses are displayed on the SSH IP Whitelist subtab.
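A pre-check for the warning above about adding every SSH source before the whitelist is enabled, as an added example that is not part of the HSS documentation or tooling: it reads successful logins from an OpenSSH auth log and lists the source IPs that the planned whitelist entries would not cover. The log lines, the planned entries and all function names are constructed for illustration; the 10-entry limit is the one stated on this page.

```python
import ipaddress
import re

MAX_ENTRIES = 10  # SSH whitelist limit stated on this page

# Constructed sample lines in OpenSSH auth-log format (not real data).
SAMPLE_LOG = """\
Mar  3 09:12:01 web01 sshd[2211]: Accepted publickey for deploy from 198.51.100.23 port 50122 ssh2
Mar  3 09:40:17 web01 sshd[2290]: Accepted password for admin from 203.0.113.7 port 40110 ssh2
Mar  3 10:02:44 web01 sshd[2301]: Failed password for root from 192.0.2.99 port 33811 ssh2
Mar  4 08:55:30 web01 sshd[3120]: Accepted publickey for deploy from 198.51.100.88 port 50999 ssh2
Mar  4 11:20:05 web01 sshd[3188]: Accepted publickey for ops from 192.0.2.40 port 41000 ssh2
"""

ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")


def parse_whitelist(entries):
    """Parse planned entries (one IP or CIDR block each) and enforce the limit."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    # strict=True is this example's choice: it flags blocks with host bits
    # set (e.g. 198.51.100.23/24), which are usually typos.
    return [ipaddress.ip_network(e.strip(), strict=True) for e in entries]


def successful_sources(log_text):
    """Map each source IP with a successful SSH login to the accounts that used it."""
    sources = {}
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:  # failed attempts are ignored: they are not sources to keep
            user, ip = m.groups()
            sources.setdefault(ipaddress.ip_address(ip), set()).add(user)
    return sources


def uncovered_sources(log_text, entries):
    """Return {ip: sorted accounts} for login sources no planned entry covers."""
    nets = parse_whitelist(entries)
    return {
        str(ip): sorted(users)
        for ip, users in successful_sources(log_text).items()
        if not any(ip.version == n.version and ip in n for n in nets)
    }


if __name__ == "__main__":
    planned = ["198.51.100.0/24", "203.0.113.7"]  # hypothetical planned whitelist
    for ip, users in uncovered_sources(SAMPLE_LOG, planned).items():
        print(f"not covered: {ip} (accounts: {', '.join(users)})")
```

An empty result means every source seen in the log window is covered; sources that log in less often than the window spans still have to be checked by hand.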