Description
Current
ParallelCluster always deploys the security of the headnode with port 22 open, the default being open to 0.0.0.0/0. Best practice is typically not to use SSH at all and instead to use SSM or similar.
Feature Description
https://docs.aws.amazon.com/parallelcluster/latest/ug/HeadNode-v3.html#HeadNode-v3-Ssh
Add an optional parameter Enabled to Ssh:

    Ssh:
      KeyName: string
      AllowedIps: string
      Enabled: boolean

The default should be true to be compatible with the previous setting. If Enabled is given and has the value false, then KeyName and AllowedIps may not be provided. The security of the head node will not get an entry for SSH.
Current workaround
Use 0.0.0.0/32 as AllowedIps. But it adds to confusion and (potentially) to some security risk.
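
An added example, not part of the original issue and not ParallelCluster's own code: a small check that classifies the head node's effective SSH exposure from an already-parsed cluster configuration, treating a missing AllowedIps as the 0.0.0.0/0 default described above. The function name, status labels and sample configurations are assumptions made for illustration.

```python
import ipaddress

# Default stated in the issue: SSH is open to everyone when AllowedIps is omitted.
DEFAULT_ALLOWED_IPS = "0.0.0.0/0"
WORKAROUND = ipaddress.ip_network("0.0.0.0/32")  # the workaround named in the issue


def classify_head_node_ssh(config: dict) -> str:
    """Classify HeadNode/Ssh/AllowedIps in a parsed cluster config (hypothetical helper).

    Returns one of:
      "open"       - effective range covers every address (explicit or by default)
      "workaround" - the 0.0.0.0/32 workaround is in use
      "restricted" - a narrower CIDR range is configured
      "review"     - prefix list id or unparsable value; needs a manual look
    """
    ssh = (config.get("HeadNode") or {}).get("Ssh") or {}
    allowed = str(ssh.get("AllowedIps", DEFAULT_ALLOWED_IPS)).strip()
    if allowed.startswith("pl-"):
        return "review"  # prefix list contents are not visible in the config file
    try:
        network = ipaddress.ip_network(allowed, strict=False)
    except ValueError:
        return "review"
    if network.prefixlen == 0:
        return "open"
    if network == WORKAROUND:
        return "workaround"
    return "restricted"


# Constructed sample configurations (parsed YAML represented as dicts).
SAMPLES = {
    "no-ssh-section": {"HeadNode": {"InstanceType": "t3.micro"}},
    "explicit-open": {"HeadNode": {"Ssh": {"KeyName": "example-key",
                                           "AllowedIps": "0.0.0.0/0"}}},
    "workaround": {"HeadNode": {"Ssh": {"AllowedIps": "0.0.0.0/32"}}},
    "office-range": {"HeadNode": {"Ssh": {"KeyName": "example-key",
                                          "AllowedIps": "203.0.113.0/24"}}},
    "prefix-list": {"HeadNode": {"Ssh": {"AllowedIps": "pl-0123456789abcdef0"}}},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(f"{name}: {classify_head_node_ssh(cfg)}")
```
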