View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions How Can I Disable SSH On My LKE Worker Nodes?
Log in to Ask a Question
✓ Solved

How Can I Disable SSH On My LKE Worker Nodes?

ssh security lke daemonset
Linode Staff

I would like to secure my LKE cluster's worker nodes by disabling SSH. Is this possible?

1 Reply

Linode Staff

✓ Best Answer

You can automatically stop and disable SSH across all present and future worker nodes by utilizing a daemonset like this:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: disable-ssh
  namespace: kube-system
spec:
  selector:
    matchLabels:
      run: disable-ssh
  template:
    metadata:
      labels:
        run: disable-ssh
    spec:
      # needs hostPID to use systemctl
      hostPID: true
      # tolerate everyting
      tolerations:
      - operator: Exists
      containers:
      - name: startup-script
        image: gcr.io/google-containers/startup-script:v1
        securityContext:
          privileged: true
        env:
        - name: STARTUP_SCRIPT
          value: |
            #!/bin/bash
            set -o errexit
            set -o xtrace
            if systemctl is-active ssh.service; then
              systemctl stop ssh.service
            fi
            if systemctl is-enabled ssh.service; then
              systemctl disable ssh.service
            fi

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct