Hi everybody,

How can I increase the security over ssh service on the manager nodes ? Can I restrict the access using security groups ?

Thanks!

Yes, Docker’s CloudFormation template adds all Managers into a security group called:

[Your Stack Name]-ManagerVpcSG-[Unknown Code]

One of the entries in this is SSH, allowing access from 0.0.0.0/0, which is the whole internet. You can change this as you wish, or add new SSH related entries. Internally, the stack doesn’t use SSH for any inter-node communication, so it’s safe for you to amend the SSH rules as you see fit.

Hope this helps x