Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FAQ: Control ssh access FAQ #384

Merged
merged 2 commits into from
Jan 13, 2020
Merged

FAQ: Control ssh access FAQ #384

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3cc205d
add control ssh access FAQ
drnickiw Feb 11, 2019
43f0a6a
Update how-to-control-ssh-access.md
osterman Jan 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions content/faq/how-to-control-ssh-access.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
title: "How do we control SSH access?"
description: "There are a few recommended approaches. We recommend to always use a bastion."
tags:
- SSH
- Gravitational Teleport
- kops
- bastion
---

## Question

How do we control who has SSH access?

## Answer

There are a few recommended approaches. First and foremost is to use Gravitational Teleport, which supports SSO/OIDC.

The alternative approach is to use our [github-authorized-keys service](https://github.com/cloudposse/github-authorized-keys), which automatically provisions users on servers using a combination of their GitHub team membership and public key to authorize them.

We recommend to always use a bastion. With `kops`, a bastion is provisioned automatically. Similarly, with Teleport, a proxy gateway acts as a bastion. Lastly, we provide a [bastion container](https://github.com/cloudposse/bastion) that can be used for other use cases.