SOP: Secure Access via SSH & NetBird
1. Overview
All infrastructure managed by Polaris IT Solutions is accessed via a private mesh VPN provided by NetBird. We do not expose SSH ports (22) directly to the public internet.
2. Prerequisites
- NetBird Client: Must be installed on your workstation.
  - Windows: Run management-scripts/setup-wsl.ps1
  - Linux: Run management-scripts/bootstrap-technician.sh
- Authentication: You must be authenticated to the Polaris NetBird domain.
3. Naming Convention
All servers on the NetBird network must follow this hostname convention:
[client-code]-[role]-[index]
- Examples:
  - koruna-docker-01
  - acme-db-01
  - polaris-controller-01
4. Connection Procedure
4.1. Connecting via Terminal
Since the servers are on the mesh network, you can SSH directly to their NetBird hostname or IP.
# Syntax
ssh <user>@<netbird-hostname>
# Example
ssh deploy@koruna-docker-01.netbird.cloud
4.2. SSH Configuration (Recommended)
Add the following to your ~/.ssh/config for easier access:
# Polaris Fleet Wildcard
Host *-docker-*
    User deploy
    IdentityFile ~/.ssh/polaris_deploy_key
# NetBird domains usually resolve automatically, but you can force it if needed
5. Security Rules
- NO Password Auth: SSH password authentication must be disabled on all servers. Key-based authentication only.
- Public Internet: Do NOT open port 22 on the cloud firewall (AWS Security Group / Azure NSG). Access is allowed ONLY via the NetBird interface.
- Root Login: PermitRootLogin must be set to no or prohibit-password.
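
One way to check a server against the password and root-login rules above, added here as an example and not taken from Polaris's own scripts: the function audit_sshd_policy (a hypothetical name) reads the effective configuration printed by sshd -T and fails if password authentication is enabled or PermitRootLogin is anything other than no or prohibit-password. The sample inputs are constructed; without-password is accepted because it is the deprecated alias of prohibit-password.

```sh
#!/bin/sh
# Audit effective sshd settings against the section 5 rules.
# Input : `sshd -T` output on stdin ("keyword value" lines, lowercase keywords).
# Output: one PASS/FAIL line per rule; exit status 0 only if every rule passes.
# On a real server (assumption: run as root): sshd -T | audit_sshd_policy
audit_sshd_policy() {
    awk '
        # Remember the first value of every keyword seen.
        { val[tolower($1)] = tolower($2) }

        # Compare one keyword against the regex of allowed values.
        # A keyword that is absent from the input counts as a failure.
        function check(name, ok_re,    v) {
            v = (name in val) ? val[name] : "<missing>"
            if (v ~ ok_re) {
                printf "PASS %s=%s\n", name, v
            } else {
                printf "FAIL %s=%s\n", name, v
                bad = 1
            }
        }

        END {
            # Rule: key-based authentication only.
            check("passwordauthentication", "^no$")
            # Rule: PermitRootLogin is no or prohibit-password
            # (without-password is the older spelling of the same setting).
            check("permitrootlogin", "^(no|prohibit-password|without-password)$")
            exit bad + 0
        }
    '
}

# Constructed sample inputs (not captured from a real server).
sample_compliant() {
    printf '%s\n' 'port 22' 'permitrootlogin without-password' 'passwordauthentication no'
}
sample_weak() {
    printf '%s\n' 'port 22' 'permitrootlogin yes' 'passwordauthentication yes'
}

# Demo run on the constructed samples.
sample_compliant | audit_sshd_policy
sample_weak | audit_sshd_policy || echo "sample_weak: non-compliant"
```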