Thanks for creating/sharing those bugs, it looks like the milestone got changed to "None" though ...
I've created a new one here: https://bugs.launchpad.net/juju/+bug/1661275 Possibly you could link those in, and put some heat on it for me? On Sun, Jan 29, 2017 at 2:11 PM, Michael Nelson < [email protected]> wrote: > On Sat, Jan 28, 2017 at 4:34 AM James Beedy <[email protected]> wrote: > >> A default SG rule generated for every model allows 22 from 0.0.0.0/0, >> I'm guessing this is because we are trying to facilitate the use case for >> juju deployed on a public cloud, and instances being ssh accessed from the >> internet and not from behind VPN in the same address space. >> >> A functionality which would allow users who don't want ssh open to the >> world to close it, either completely, or limit to a private address space, >> would be very helpful (especially because Juju reverts any changes made to >> the SG, >> > > I created a bug about that a while back: > > https://bugs.launchpad.net/juju-core/+bug/1420996 > > As per the last change there, it was targeted for 2.1.0 until just > recently. > > > >> so I couldn't even lock down port 22 if I wanted to). >> >> Is it possible to introduce a model config param that we could use to >> tell juju where to allow ssh traffic from? >> > > Again, an older bug, but I'd be keen to see that not just for 22/ssh, but > in general when exposing services: > > https://bugs.launchpad.net/bugs/1401358 > > but that may not fit the new juju2 models since the bug was written. > > >> >> Quick fix: Introduce an 'ssh-allow' param that could be used to open and >> close port 22 on the SG generated for the model? >> >> Better fix: Introduce a config param 'ssh-access', where default value is >> 0.0.0.0/0, which could then be modified to an address space that fits >> the users security needs. >> >> How do others feel about this? >> -- >> Juju mailing list >> [email protected] >> Modify settings or unsubscribe at: https://lists.ubuntu.com/ >> mailman/listinfo/juju >> >
-- Juju-dev mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
