How to restrict access to the SSH Shell feature for RKE2 Cluster Nodes in Rancher UI

Article Number: 000022207

Environment

  • Rancher 2.x

Procedure

By removing the `manage-node` permission, you can restrict users from accessing the SSH Shell feature, enhancing the security posture of your RKE2 cluster nodes.

To disable the SSH Shell feature for RKE2 cluster nodes in Rancher, follow these steps:

  • Identify the User Role: Determine the specific user role for which you want to disable SSH Shell access.
  • Remove the `manage-node` Permission:
      • Navigate to the Rancher UI.
      • Go to the Cluster Management section.
      • Select the specific cluster.
      • Access the Cluster Members or Users section.
      • Locate the user or group whose permissions you need to modify.
      • Edit the user's roles and permissions.
      • Remove the `manage-node` permission from the user's roles.
  • Verify the Change: After removing the `manage-node` permission, verify that the SSH Shell option is no longer available for the modified user role when accessing the RKE2 cluster nodes through the Rancher UI.
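
To support the "locate" and "verify" steps above, the following added example (not part of the original article and not Rancher tooling) lists which cluster members still hold a role template, either bound directly or through a role that inherits it. It reads data shaped like the JSON items of Rancher's RoleTemplate and ClusterRoleTemplateBinding resources. Assumptions: the sample roles, cluster IDs and principals are constructed, and the ID under which `manage-node` appears in your installation must be confirmed.

```python
"""Audit which cluster members still hold a role template, directly or by inheritance."""

# Constructed sample data, shaped like the "items" returned by:
#   kubectl get roletemplates.management.cattle.io -o json
#   kubectl get clusterroletemplatebindings.management.cattle.io -A -o json
ROLE_TEMPLATES = [
    {"metadata": {"name": "manage-node"}, "roleTemplateNames": []},
    {"metadata": {"name": "ops-custom"}, "roleTemplateNames": ["manage-node", "view-only"]},
    {"metadata": {"name": "view-only"}},
    {"metadata": {"name": "team-lead"}, "roleTemplateNames": ["ops-custom"]},
    {"metadata": {"name": "loop-a"}, "roleTemplateNames": ["loop-b"]},
    {"metadata": {"name": "loop-b"}, "roleTemplateNames": ["loop-a"]},
]
BINDINGS = [
    {"clusterName": "c-m-example1", "roleTemplateName": "team-lead", "userPrincipalName": "local://u-alice"},
    {"clusterName": "c-m-example1", "roleTemplateName": "view-only", "userPrincipalName": "local://u-bob"},
    {"clusterName": "c-m-example1", "roleTemplateName": "manage-node", "groupPrincipalName": "ldap_group://ops"},
    {"clusterName": "c-m-example2", "roleTemplateName": "ops-custom", "userPrincipalName": "local://u-carol"},
]

def templates_granting(target, role_templates):
    """Return names of all role templates that are `target` or inherit it transitively."""
    parents = {rt["metadata"]["name"]: rt.get("roleTemplateNames") or [] for rt in role_templates}
    granting = {target}
    changed = True
    while changed:  # fixed-point iteration, so inheritance cycles cannot loop forever
        changed = False
        for name, inherited in parents.items():
            if name not in granting and granting.intersection(inherited):
                granting.add(name)
                changed = True
    return granting

def holders(target, cluster, role_templates, bindings):
    """List (principal, bound role template) pairs that still carry `target` in `cluster`."""
    granting = templates_granting(target, role_templates)
    found = []
    for b in bindings:
        if b.get("clusterName") == cluster and b.get("roleTemplateName") in granting:
            principal = b.get("userPrincipalName") or b.get("groupPrincipalName") or b.get("userName")
            found.append((principal, b["roleTemplateName"]))
    return sorted(found)

if __name__ == "__main__":
    for principal, role in holders("manage-node", "c-m-example1", ROLE_TEMPLATES, BINDINGS):
        print(f"{principal} still holds manage-node via {role}")
```

An empty result for a cluster means no binding in the exported data carries the role template; a user who appears only through an inheriting role needs that role edited or the binding replaced.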

Note: Currently, the only available option is to modify RBAC roles. We have an internal RFE open to provide a Helm option or another way to disable SSH access during DS cluster provisioning.