Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Implement tighter security for SSH access

Description

Today we have inconsistent SSH access: some servers allow connections from the outside, others don't and some only from the IDRC network.

The goal is to restrict SSH access so connections are only accepted from a few bastion hosts.

An intermediate step is to restrict SSH access so only connections coming from the IDRC network are accepted. Later it can be restricted further to only the bastion hosts.

Initial tasks:

  • Modify iptables rules to allow SSH only from 205.211.169.0/24 (through Ansible group_vars)

  • Deploy bastion hosts (ssh01 and ssh02)

Environment

None

Activity

Show:

Giovanni Tirloni September 21, 2017 at 2:56 PM

SSH access is restricted at the firewall (requires authentication by trusted user to update firewall rules and allowing src IP of the user).

Giovanni Tirloni January 13, 2017 at 4:35 PM

These boxes were terminated a while ago because of performance issues at the time that were making Ansible very unstable. We should re-implement this.

Giovanni Tirloni September 4, 2015 at 2:16 PM

Created SSH servers tor1-prd-ssh01 and tor1-prd-ssh02. Address "ssh.inclusivedesign.ca" points at both (round-robin).

Won't Do

Details

Assignee

Reporter

Priority

Created August 4, 2015 at 7:02 PM
Updated September 21, 2017 at 2:56 PM
Resolved September 21, 2017 at 2:56 PM

Flag notifications