Server

How can I set the defaults so that SSH authentication using the root password is prevented?

When the radio button [Select] is chosen for [Public Key] while creating a server (custom), adding a disk, or modifying a disk, a menu is displayed for selecting a public key that was registered on the settings screen. A checkbox labeled [Prohibit SSH Login Via Password/Challenge Response] is also displayed. When both of these items are enabled at the time of server creation, public key authentication is the only SSH authentication method used.

Please note that when this function is used, a public key will be required for SSH login to the server. This applies to all users, not just root users.

Furthermore, operation of this function has been confirmed for public archives provided by SAKURA internet. Please note that we cannot guarantee correct operation when a server is created from an archive created by the customer.

How can I re-enable SSH login using a password?

Please modify the configuration file as listed below.

● File requiring changes
/etc/ssh/sshd_config

● Location of changes

#PermitRootLogin yes ← uncomment
PermitRootLogin without-password ← comment out

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes ← uncomment
ChallengeResponseAuthentication no ← comment out

# To disable password authentication, set this and UsePam to no
#PasswordAuthentication yes ← uncomment
#PermitEmptyPasswords no
PasswordAuthentication no ← comment out
PermitEmptyPasswords no

#UsePAM yes ← uncomment
UsePAM no ← comment out
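
An added example, not part of the original FAQ or of SAKURA internet's tooling: a shell check of which value sshd will actually use after the file is edited, since sshd takes the first value it reads for each keyword. The function names and the sample file contents are constructed for illustration, and a Match block is treated as the end of the global section.

```shell
#!/bin/sh
# Added example. sshd uses the first value it reads for a keyword and ignores
# '#' lines, so the active setting depends on line order, not on the last edit.

# effective_value FILE KEYWORD -> first active global value, or "unset"
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }            # blank line or comment
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { val = tolower($2); exit }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# password_login_state FILE -> "key-only" or "password-possible"
# Anything other than an explicit "no" for both keywords counts as possible.
password_login_state() {
    pw=$(effective_value "$1" PasswordAuthentication)
    cr=$(effective_value "$1" ChallengeResponseAuthentication)
    if [ "$pw" = "no" ] && [ "$cr" = "no" ]; then
        echo "key-only"
    else
        echo "password-possible"
    fi
}

# Constructed samples (hypothetical files, not read from a real server).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
# before: the key-only state the page starts from (relevant keywords only).
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' \
    '#ChallengeResponseAuthentication yes' 'ChallengeResponseAuthentication no' \
    '#UsePAM yes' 'UsePAM no' > "$sample_dir/before"
# after: the page's edits applied ("yes" uncommented, "no" commented out).
sed -e 's/^#\(.* yes\)$/\1/' -e 's/^\([A-Z].* no\)$/#\1/' \
    "$sample_dir/before" > "$sample_dir/after"
# appended: "yes" added at the end instead; the earlier "no" still wins.
{ cat "$sample_dir/before"; echo 'PasswordAuthentication yes'; } \
    > "$sample_dir/appended"

for f in before after appended; do
    echo "$f: $(password_login_state "$sample_dir/$f")"
done
```

On a real server, `sshd -t` checks the edited file for syntax errors and `sshd -T` prints the effective settings before the service is restarted.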

Is it possible to protect against invalid connections and attacks immediately after creating a server?

By configuring the Packet filter function when creating a server, or before starting a server that has already been created, it is possible to start the server with unnecessary ports already blocked. Also, by connecting the server to an internal network domain created via a firewall, etc., that was constructed using a server which has two VPC routers or NICs installed, it is possible to start the server in a safe environment.

*The customer must construct the internal network in advance.

If there is damage such as unauthorized access to the server, can the logs be provided?

The server, disks, etc., are within the scope of the customer's administrative responsibility. Accordingly, we ask customers to collect the logs, etc., that are recorded on the server themselves. Information on traffic and disk I/O is shown in the Activity graph. Information on control panel logins and operation status is shown in the Event log. Please also check these records.