Currently all devices have SSH via balenaCloud enabled at all times, which means someone who can compromise a user’s Balena account immediately has root level access to every device they have deployed. At least in our case most of the time that access isn’t required, and shouldn’t really be available at all.
It would be great if there were a setting similar to the Public URL one that allows turning SSH access on and off via the Balena API. This would then allow us to use the device history API to be alerted whenever SSH access is enabled by a user, and ensure that there is a proper audit log of that access being granted.