• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Question SSH Securing Server

W

weelow

Basic Pleskian
I have my admin user account as
user: adminaccount
password: RSA key encrypted with a password

now my server is secure, however i want to give access to users to be able to authenticate with password over sftp. So i enabled password authentication on the sever using the sshd_config file.
and also changing the plesk plans to allow ssh charooted access.

What worries me right now is the security. how can i protect the server from ddos and brute force attacks now that the server will authenticate with password it makes it susceptible to attacks.

Any tips?
 
You can limit the IP addresses or IP ranges for accessing a service from the outside by entering them into the /etc/hosts.allow file of your system. Please check it on Google to find out more on hosts.allow.

It is recommended, too, to use the fail2ban SSH jail, so that brute force attempts are quickly identified and the attacker's IP is blocked before it can try many user/password combinations.
 
You must log in or register to reply here.

Similar threads

M
Resolved SSH type seems disallowed on migration from WHM to Plesk
Replies
1
Views
296
MHC_1
M
T
Issue Stop Plesk Brute Force Attacks NOW: Cloudflare + Windows Server Fix
Replies
0
Views
479
TheHostingHeroes
T
Jürgen_T
Question Massive Brute-Force Attacks on Plesk Panel – Looking for Additional Protection Measures
Replies
15
Views
2K
Franky H
F
brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
2K
Maarten
M
Mi-Z
Resolved Opening SSH Terminal in Plesk fails
Replies
10
Views
836
Mi-Z
Mi-Z
Back
Top