Connect to a server (SSH)#

One-time setup

Ask a systems administrator to add your public SSH key to the relevant ssh list in the server’s Pillar file.

By default, the SSH port is closed. The easiest way to open it depends on whether your IP address is dynamic or static.

Dynamic IP: Port knock#

To open the SSH port for 30 seconds, send traffic to port 8255, replacing with the server you want to connect to:

curl --silent --connect-timeout 1 || true

You can then use ssh as usual. Once you’re connected, the server will close the port, but not your connection.


Port 8255 returns no data. Without --connect-timeout 1, curl waits forever for a response.

If you are working on this repository, you can also run:

./ connect user@host

Static IP: Allow list#

  1. Add your IP address to the firewall.ssh_ipv4 and firewall.ssh_ipv6 lists in the common private Pillar file

  2. Add your full name in a comment

  3. Deploy all services

If you’re unsure, contact