Default Model SG Rules

James Beedy jamesbeedy at gmail.com
Fri Jan 27 17:33:42 UTC 2017


A default SG rule generated for every model allows 22 from 0.0.0.0/0, I'm
guessing this is because we are trying to facilitate the use case for juju
deployed on a public cloud, and instances being ssh accessed from the
internet and not from behind VPN in the same address space.

A functionality which would allow users who don't want ssh open to the
world to close it, either completely, or limit to a private address space,
would be very helpful (especially because Juju reverts any changes made to
the SG, so I couldn't even lock down port 22 if I wanted to).

Is it possible to introduce a model config param that we could use to tell
juju where to allow ssh traffic from?

Quick fix: Introduce an 'ssh-allow' param that could be used to open and
close port 22 on the SG generated for the model?

Better fix: Introduce a config param 'ssh-access', where default value is
0.0.0.0/0, which could then be modified to an address space that fits the
user's security needs.

How do others feel about this?
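
An added example, not part of the original post and not Juju code: a Python audit that lists every source CIDR able to reach port 22 under a set of security-group ingress rules, measured against an allowlist such as the proposed 'ssh-access' value. The rule shape (modelled on EC2's IpPermissions structure), the function names and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

SSH_PORT = 22

# Constructed sample rules (assumed shape: EC2-style IpPermissions entries).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},            # the default rule from the post
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,  # range that silently includes 22
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # all protocols, IPv6
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},            # unrelated to SSH
]

def covers_ssh(rule):
    """True if the rule's protocol and port range include TCP/22."""
    proto = rule.get("IpProtocol")
    if proto == "-1":      # "all traffic" rules carry no port range
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= SSH_PORT <= rule.get("ToPort", 65535)

def rule_sources(rule):
    """Yield every IPv4 and IPv6 source network named by the rule."""
    for r in rule.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"], strict=False)
    for r in rule.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"], strict=False)

def ssh_violations(rules, allowed):
    """Return source CIDRs that can reach port 22 but lie outside `allowed`."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    bad = []
    for rule in rules:
        if not covers_ssh(rule):
            continue
        for src in rule_sources(rule):
            # subnet_of() raises on mixed IP versions, so compare versions first
            if not any(src.version == a.version and src.subnet_of(a)
                       for a in allowed_nets):
                bad.append(str(src))
    return bad

if __name__ == "__main__":
    # Hypothetical 'ssh-access' value restricting SSH to a private range
    print(ssh_violations(SAMPLE_RULES, ["10.0.0.0/8"]))
```

An IPv4-only allowlist such as the suggested default of 0.0.0.0/0 still reports the `::/0` rule, since IPv6 sources are checked separately.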