Assessing the Need for SSH Access and a Bastion Host in Our Docker Strategy

[Shafiya-Heena]

Issue Description:

We're evaluating the need for SSH access and considering a bastion host for secure connections within our Dockerized development environment. This initiative aims to balance direct access requirements against our principles of container immutability and minimal direct access.

Key Points for Discussion:

• Identify clear use cases where SSH access is essential, which cannot be addressed by our current toolset.
• Assess the security implications and compatibility of introducing a bastion host with our security standards.

We seek concise input on the practicality and security of integrating SSH access through a bastion host, ensuring any decision supports our infrastructure's integrity and efficiency.

Implementation

• [ ] I would be interested in implementing this feature.

[dishak]

@Shafiya-Heena , Is this issue resolved as per PR #12 ?

[Shafiya-Heena]

@dishak!! the Bastion host is still a work in progress and has not been resolved in the mentioned PR. Thank you!

[amandayclee]

Creative Commons currently employs a robust set of tools and practices to manage their development and site reliability engineering environments, as evidenced by the index-dev-env and sre-salt-prime repositories.

Key components include:

• SSH: Securely connects and manages servers, allowing for remote operations.
• git-crypt: Ensures sensitive data within Git repositories is encrypted and protected from unauthorized access.
• GPG (GNU Privacy Guard): Signs Git commits to ensure the security and integrity of the codebase.
• SaltStack: Automates configuration management and deployment, streamlining server management.
• AWS (Amazon Web Services): Provides a scalable and secure cloud infrastructure.

As Creative Commons considers the introduction of a Bastion Host to manage SSH access, it is essential to weigh the benefits and drawbacks of this approach.

Benefits of SSH and a Bastion Host

• Secure Data Transmission: SSH provides encrypted connections, ensuring secure data transmission.
• Remote Management: SSH enables secure remote management of servers from any location.
• Centralized Access Control: A Bastion Host provides a single point for managing SSH access, simplifying control and monitoring.
• Minimized Exposure: Concentrating SSH access through the Bastion Host minimizes the number of servers exposed to the internet.

Potential Drawbacks

• Single Point of Failure: The Bastion Host itself becomes a critical point; its failure can disrupt all SSH access.
• Performance Bottlenecks: Ensuring the Bastion Host can handle the load without becoming a bottleneck is crucial.

By carefully considering these factors, Creative Commons can make an informed decision that supports the integrity and efficiency of their infrastructure, balancing the need for secure access with the principles of container immutability and minimal direct access.

Reference

• index-dev-env: This repository provides the configuration required to run the CreativeCommons.org website in a local Docker development environment
• sre-salt-prime: This repository contains SaltStack configuration files for site reliability engineering and DevOps at Creative Commons
• SSH Bastion Host Best Practices: This article from Teleport provides a comprehensive guide on securing a Bastion Host, including hardening the server OS, OpenSSH authentication, and cryptographic operations.
• SSH Security Best Practices: Protecting Your Remote Access Infrastructure: This article from Tailscale covers enforcing strong authentication, managing SSH keys, securing SSH settings, implementing SSH Bastion Hosts, and monitoring and auditing SSH activity.