1

When deploying to AWS EC2, what are the ranges you set up for the inbound approved IPs for SSH? I am trying to Capistrano deploy from CircleCI after a successful GitHub PR merge.

Chris Hough

1 Answer

0

I think the better approach is probably to give CircleCI its own private key, and add that public key to the authorized keys on the server, then you can just leave port 22 open for SSH (or really any port, and just have SSH listen on that port).

AFAIK - a 2048 byte RSA key is still effectively invincible to cracking, so as long as your private key doesn't fall into the wrong hands, it's fine. If you're really concerned about it, you can give the deploy user limited permissions so that all they're really able to do is deploy.

In AWS your inbound security groups should allow traffic from 0.0.0.0 on port 22, which will allow SSH connections from arbitrary IP addresses.

prater
  • Following up on this, I have the keys set up, but I think it is getting blocked at the IP firewall https://snag.gy/X03dUC.jpg - thoughts on this? – Chris Hough Aug 14 '19 at 17:31
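
For the "blocked at the IP firewall" symptom in the comment above, an added example (not code from the answer, AWS or CircleCI): a Python check over a security group's inbound rules, in the `IpPermissions` shape that `aws ec2 describe-security-groups` returns, reporting whether a given source address can reach port 22 and whether the port is open to every address. The sample rules and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the IpPermissions list of one security group, in the
# shape printed by `aws ec2 describe-security-groups`.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
]

def covers_port(perm, port):
    """True if the rule applies to TCP traffic on `port`."""
    if perm.get("IpProtocol") == "-1":   # "-1" = all protocols, all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def rule_networks(perm):
    """CIDR sources of one rule (rules that reference other groups are ignored)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def ssh_sources(permissions, port=22):
    """Every network allowed to reach `port` through these inbound rules."""
    return [net for perm in permissions if covers_port(perm, port)
            for net in rule_networks(perm)]

def is_allowed(permissions, source_ip, port=22):
    """Would a connection from `source_ip` to `port` pass the security group?"""
    ip = ipaddress.ip_address(source_ip)
    return any(ip.version == net.version and ip in net
               for net in ssh_sources(permissions, port))

def world_open(permissions, port=22):
    """True if some rule admits every address (0.0.0.0/0 or ::/0) on `port`."""
    return any(net.prefixlen == 0 for net in ssh_sources(permissions, port))

if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.7"):   # constructed runner addresses
        verdict = "allowed" if is_allowed(SAMPLE_PERMISSIONS, src) else "blocked"
        print(f"{src}: SSH {verdict}")
    print("SSH open to all addresses:", world_open(SAMPLE_PERMISSIONS))
```
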