Disable ssh?

Is it possible to turn off fly ssh either globally for an organization or for particular apps? I’d like to use Tailscale ssh to manage access to running instances, but if all Fly users can ssh into everything, that kind of defeats the purpose.

Secret protection is a good use case here, since anyone with ssh access can go read the environment variables.

There’s currently no built-in way to disable SSH.

The only hacky way I can think of right now would be to replace /.fly/hallpass, after your program has started, with a dummy program that does nothing. I’m not entirely sure it would work.

Thanks! More generally, are there any best practices for following a least privilege access model with Fly?

I could imagine only having a small set of people actually having Fly accounts, and relying on automated deploys through CI/CD, but the Dashboard views are very helpful.

Is there any chance of having a “Dashboard-only” role for users, with no CLI capability at all?

Yes, we’re actively working on finer-grained authorization tokens. I’m not sure what the timeline is though.

Good to know! Any timeline information would be really helpful for our infrastructure decisions, even if it’s an estimate.

I don’t know if it is still the case, but with distroless containers, fly console ssh didn’t work at all, back when I was using those.

Ooh, good call. I tested this with our current PaaS provider, and it prevented their web shell from working. Looks promising!
