Permitting SSH Access to Oracle Cloud Infrastructure Compute Classic Instances


Options



Before You Begin

Purpose

This tutorial shows you how to permit SSH access from hosts outside Oracle Cloud to a set of Compute Classic instances.

Note: This tutorial is not relevant for Windows instances, becuase you can't access Windows instances using SSH.

Time to Complete

10 minutes

Scenario

You're running a web server on two Compute Classic instances. To configure and administer the web server, your web server administrator needs SSH access to the instances. The two instances in question are part of a security list named webservers_seclist.

Caution: When you enable SSH access to these instances, SSH access will be enabled for all instances that are part of the webservers_seclist security list.

Note: You can adapt the steps in this tutorial to permit other traffic, such as HTTPS requests, to access Compute Classic instances.

What Do You Need?

To perform the steps in this tutorial, you must be a service user with the Compute_Operations role. If you don't have this role, ask your service administrator to assign the role to you in Oracle Cloud My Services.

Creating a Security IP List

To allow ssh connections from certain hosts outside Oracle Cloud to your Compute Classic instances, store the IP addresses of those external hosts in a security IP list in Compute Classic.

  1. Sign in to Oracle Cloud My Services and go to the Compute Classic console.
  2. Click the Network tab.
  3. On the Network page, click the Security IP Lists tab in the left pane.
  4. On the Security IP Lists page, click Create Security IP List.
  5. In the Create Security IP List dialog box, do the following:
    • Name: Enter a name for the new security IP list (for example, ssh_hosts). Note this name. You'll use it later in this tutorial.
    • IP List: Enter the IP addresses of the hosts from which you want to allow ssh connections.
    • Description: Enter a description for the new security IP list (for example, SSH hosts).

    Create Security IP List dialog box

  6. Click Create.

Next, you must create a security rule to permit ssh connections from the external hosts that you specified just now to your Compute Classic instances in the webservers_seclist security list.

Creating a Security Rule

  1. Click the Security Rules tab in the left pane.
  2. Click Create Security Rule, and do the following:
    • Name: Enter a name for the rule (for example, allow_p2ws_ssh).
    • Status: Select Enabled.
    • Security Application: Select the ssh security application.
    • Source: From the Security IP Lists drop-down list, select the ssh_host security IP list, which you created earlier in this tutorial.
    • Destination: Select webservers_seclist, which is the security list to which your Compute Classic instances belong.
    • Description: Enter a description for the rule (for example, Allow SSH access to web server instances).

    Create Security Rule

  3. Click Create.

You can now use ssh to access the Compute Classic instances in the webservers_seclist security list from the hosts that you specified in the ssh_hosts security IP list to.

At any time, you can temporarily suspend security rules by disabling them. You can also delete security rules that you no longer need.

Disabling and Deleting Security Rules

Disabling a Security Rule

  1. Sign in to Oracle Cloud My Services and go to the Compute Classic console.
  2. Click the Network tab.
  3. Identify the security rule that you want to disable.
  4. From the Actions menu, select Update.
  5. In the resulting dialog box, change Status to Disabled.
  6. Click Update.

Deleting a Security Rule

  1. Sign in to Oracle Cloud My Services and go to the Compute Classic console.
  2. Click the Network tab.
  3. Identify the security rule that you want to delete.
  4. From the Actions menu, select Delete.
  5. At the confirmation prompt, click Yes.

Want to Learn More?

Credits

  • Lead Curriculum Developer: Kumar Dhanagopal

  • Other Contributors: Vimal Patel, Anamika Mukherjee