Allow disabling SSH access entirely

Currently all devices have SSH via balenaCloud enabled at all times, which means someone who can compromise a user’s Balena account immediately has root level access to every device they have deployed. At least in our case most of the time that access isn’t required, and shouldn’t really be available at all.

It would be great if there were a setting similar to the Public URL one that allows turning SSH access on and off via the Balena API. This would then allow us to use the device history API to be alerted whenever SSH access is enabled by a user, and ensure that there is a proper audit log of that access being granted.

Alex Gonzalez: Hey Jon, the Device configuration in the dashboard has a Enable / Disable VPN service on device that allows to disable the service. This can also be done via the API/SDK. Note that some features are unavailable with the VPN disabled, like hostOS updates and device checks.

The application could also limit the permissions of the SSH daemon using apparmor profiles if more fine grained control is required. Contact us via our support channels if you would like to know more about this.

Would the above options cover your use case?