Thank you for your kindly answer.
I am using a private server. My country is a developing country; what i am afraid of is that the personal staff of my hosting provider can clone my school website for some purpose. Example: he/she can export database to have my user's emails.
Actually, i did use a credit hosting provider but during some operations, i recognized they can access everything in my plesk-panel, certainly for support purpose. The case leading to this conclusion is, when i requested supports on Cron Job configuration, they have left an test-email in email server to test cron-job.
All what i expect from Moodle security is a basic means to help protecting database or moodledata by a user's password (external password), even they can access from shell commands. As you know, the user/pass to log into mysql is configured in config.php. this is vulnerable to database, even by a non-technical guy.
I will follow your keyword: ssh key and FACLs to see what it can help.