Limit SSH Access To Admins

Enable a setting to restrict the "Rebuild with SSH" action to only administrators (role on Github Team)
  • Guest
  • Jan 18 2019
  • New
  • Attach files
  • Pedro Santiago commented
    05 Jun 14:13

    In large companies, it's dangerous to let everyone with repo write permissions ssh into machine and printenv.
    Also, even after hide "Rebuild with SSH", how do we avoid people create their on ssh connection editing circleci config 🤔

  • Gene Peng commented
    18 Mar 03:11

    lots of people discussed this critical issue, why circleci don't care about this?

  • Gene Peng commented
    November 19, 2019 07:54

    Big security issue for such a long time, why haven't been fixed 

  • Juan Mrad commented
    September 23, 2019 15:02

    This seems like something we should be able to do. enable/disable access to a user role/group to SSH into a job. We don't want users to be able to just print all env variables.

  • Fernando Brito commented
    September 19, 2019 08:55

    This feature idea always come up on our internal security discussions. Af of now, too many people can SSH into our jobs and just "$ echo" all the secrets.

  • Joseph Becher commented
    February 24, 2019 19:38

    No, read-only users can't trigger jobs, including SSH. This feature would restrict this to only admins and owners, instead of the current behavior of all users with write or push access to the repo.

  • Billy Shambrook commented
    February 23, 2019 15:39

    How is this not already a thing? In GitHub, we have users with read only permissions, but now either of these users can now access credentials and write to production?????