Perform an SSH Lockout

Understanding the SSH Lockout Feature

The SSH Lockout module enables an administrator to limit SSH logon access to the environment. This feature provides a mechanism for ensuring that processing resources are available for high-priority tasks as well as to assist with managing scheduled maintenance. Be aware that existing SSH logons are not affected by a lockout. A lockout prevents new SSH logons only. Access to software that does not rely on SSH is unaffected.

The feature provides user-level controls for denying SSH logons broadly while permitting SSH logons from specific user accounts. This level of control is available based on how you set the lockout controls. The following figure shows the fields that are available on the Lockout Whitelist tab.

SSH Lockout

The following table provides a description for each of the fields on the Lockout Whitelist tab and describes how the settings interact with each other. The lockout status is not changed until the Commit button is clicked.

Lockout Whitelist Field Descriptions

Field	Description
Lockout Status	This field shows the current lockout status and is used to set the lockout status: Enabled only the user accounts listed in the Admin Users and Regular Users are permitted SSH logon access. Disabled all users, except the users listed in the Disabled Users are permitted SSH logon access. Note: User accounts in the Disabled Users are denied SSH logon access at all times.
Admin Users	Specifies the user accounts that are permitted SSH logon access when the lockout is active.
Regular Users	Specifies the user accounts that are permitted SSH logon access when the lockout is active.
Disabled Users	Specifies the user accounts that are denied SSH logon access at all times. This list can be used to deny access to single users even when a lockout is not active.

Perform an SSH Lockout

To perform an SSH lockout:

Click HPC Management from the toolbar.
Click SSH Lockout.
Select Enabled on the Lockout Status.
Review the Admin Users, Regular Users, and Disabled Users lists.

For information about the lists, see Lockout Whitelist Field Descriptions.
Click Commit.

To disable an SSH lockout, set the Lockout Status to Disabled and then click Commit.