Updated on 2025-09-29 GMT+08:00

Configuring an SSH Login IP Address Whitelist

Scenarios

The SSH login IP address whitelist helps to prevent brute-force attacks by restricting the IP addresses that can log in to servers via SSH. After an SSH login IP address whitelist is configured for a server, only the whitelisted IP addresses can log in to the server using SSH.

Constraints

  • An account can have up to 10 SSH login IP addresses in the whitelist.
  • If your server does not need to accept SSH logins, you do not need to configure the SSH login IP address whitelist.
  • Ensure all the IP addresses that need to log in to the server through SSH are added to the whitelist.
  • Exercise caution when adding an IP address to the whitelist. This will make HSS no longer restrict access from this IP address to your servers.

Configuring an SSH Login IP Address Whitelist

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. Choose Installation & Configuration > Server Install & Config and click the Security Configuration tab. Click SSH IP Whitelist and click Add IP Address.
  1. In the dialog box that is displayed, enter a whitelisted login IP address and select servers. Confirm the information and click OK. For more information, see Table 1.

    Figure 1 Entering an IP address
    Table 1 Parameters for adding an SSH login IP address whitelist

    Parameter

    Description

    Enter an IP address to be added to the whitelist.

    Enter an IP address or CIDR block. The requirements are as follows:

    • You can add only one IP address or CIDR block at a time. To add multiple values, repeat the operation.
      Example:
      • IP address: 192.78.10.3 or fe80::1
      • CIDR block: 192.78.10.0/255.255.255.0, 192.78.10.0/24, or fe80::1:0/112
    • You can add up to 10 IP addresses to the whitelist.

    Select the servers that the IP address or subnet will be whitelisted for.

    Select the servers where you wish to apply the whitelisted SSH login IP addresses. You can select multiple servers at a time.

  2. Return to the SSH IP Whitelist sub-tab and check the added IP addresses. If they are displayed, the addition succeeded.