• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question SSH Securing Server

W

weelow

Basic Pleskian
I have my admin user account as
user: adminaccount
password: RSA key encrypted with a password

now my server is secure, however i want to give access to users to be able to authenticate with password over sftp. So i enabled password authentication on the sever using the sshd_config file.
and also changing the plesk plans to allow ssh charooted access.

What worries me right now is the security. how can i protect the server from ddos and brute force attacks now that the server will authenticate with password it makes it susceptible to attacks.

Any tips?
 
You can limit the IP addresses or IP ranges for accessing a service from the outside by entering them into the /etc/hosts.allow file of your system. Please check it on Google to find out more on hosts.allow.

It is recommended, too, to use the fail2ban SSH jail, so that brute force attempts are quickly identified and the attacker's IP is blocked before it can try many user/password combinations.
 
You must log in or register to reply here.

Similar threads

M
Resolved SSH type seems disallowed on migration from WHM to Plesk
Replies
1
Views
217
MHC_1
M
T
Issue Stop Plesk Brute Force Attacks NOW: Cloudflare + Windows Server Fix
Replies
0
Views
345
TheHostingHeroes
T
Jürgen_T
Question Massive Brute-Force Attacks on Plesk Panel – Looking for Additional Protection Measures
Replies
15
Views
2K
Franky H
F
brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
2K
Maarten
M
M
Issue Opening SSH Terminal in Plesk fails
Replies
9
Views
454
alvarezcruz
alvarezcruz
Back
Top