Connect to a server (SSH)

One-time setup

Ask a systems administrator to add your public SSH key to the relevant ssh list in the server’s Pillar file.

On machines running Docker, use SSH as usual. For example:


These machines include:




  • *

On machines not running Docker, the SSH port is closed by default. The easiest way to open it depends on whether your IP address is dynamic or static.

Dynamic IP: Port knock

To open the SSH port for 30 seconds, send traffic to port 8255, replacing with the server you want to connect to:

curl --silent --connect-timeout 1 || true

You can then use ssh as usual. Once you’re connected, the server will close the port, but not your connection.


Port 8255 returns no data. Without --connect-timeout 1, curl waits forever for a response.

Static IP: Allow list

  1. Add your IP address(es) to the ssh_ipv4 and ssh_ipv6 list(s) in the common private Pillar file

  2. Add your full name in a comment

  3. Deploy all services

If you’re unsure, contact