diff --git a/README.md b/README.md index 5384f3c8..cdf63981 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,12 @@ See [SECURITY.md](docs/SECURITY.md) for complete security specifications and imp - Cloud provider implementations are internal-only for now - `v2` will be shaped by feedback and contributions from the community +## Platform Support + +- **Operating System**: Currently supports Ubuntu 22 only +- **Architecture**: Designed for GPU-accelerated compute workloads +- **Access Method**: Requires SSH server and SSH key-based authentication + --- ## Who This Is For diff --git a/docs/SECURITY.md b/docs/SECURITY.md index ee027291..caec7711 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -2,6 +2,24 @@ This document outlines the security requirements and best practices for implementing cloud integrations with the Brev Compute SDK. If the cloud provider has a different security model, please indicate in the providers SECURITY.md file. +## 🔑 SSH Access Requirements + +**Brev depends on SSH server functionality and SSH key-based authentication for instance access.** + +### SSH Server Requirements + +1. **SSH Server**: All instances must have an SSH server running and accessible +2. **SSH Key Authentication**: Instances must support SSH key-based authentication +3. **Key Injection**: The SDK must support passing SSH public keys during instance creation +4. **Secure Access**: SSH access provides the primary method for secure instance management and user access + +**Implementation Requirements:** + +- SSH server (OpenSSH or equivalent) must be installed and running on all instances +- SSH key pairs must be supported for authentication +- Public keys must be injectable during instance provisioning +- SSH access must be available through the configured firewall rules + ## 🌐 Network Security Requirements ### Network Requirements @@ -118,4 +136,4 @@ For security issues, vulnerabilities, or questions: --- -**Note**: This document is a living document and will be updated as security requirements evolve. All cloud integrations must comply with these requirements to ensure the security and integrity of the Brev Compute SDK ecosystem. \ No newline at end of file +**Note**: This document is a living document and will be updated as security requirements evolve. All cloud integrations must comply with these requirements to ensure the security and integrity of the Brev Compute SDK ecosystem. \ No newline at end of file diff --git a/internal/fluidstack/v1/SECURITY.md b/internal/fluidstack/v1/SECURITY.md index 9a79af26..235eca2e 100644 --- a/internal/fluidstack/v1/SECURITY.md +++ b/internal/fluidstack/v1/SECURITY.md @@ -2,6 +2,16 @@ This document outlines FluidStack's security capabilities and compliance with Brev's security requirements. +## 🔑 SSH Access Requirements + +**FluidStack instances must support SSH server functionality and SSH key-based authentication for Brev access.** + +### SSH Implementation Status +- **SSH Server**: FluidStack instances include SSH server (OpenSSH) pre-installed and running +- **SSH Key Authentication**: FluidStack supports SSH public key injection during instance provisioning +- **Key Management**: Public SSH keys are configured in `~/.ssh/authorized_keys` during instance setup +- **Network Access**: SSH access operates within FluidStack's project-level network isolation model + ## ✅ FULLY COMPLIANT ### Disk Encryption diff --git a/internal/lambdalabs/SECURITY.md b/internal/lambdalabs/SECURITY.md index 2b3395f7..c55386b2 100644 --- a/internal/lambdalabs/SECURITY.md +++ b/internal/lambdalabs/SECURITY.md @@ -1,6 +1,16 @@ # Lambda Labs SECURITY.md for Brev Cloud SDK -This document outlines how the Lambda Labs integration complies with Brev Cloud SDK’s security architecture using Lambda Cloud primitives such as firewall rules and virtual network isolation. +This document outlines how the Lambda Labs integration complies with Brev Cloud SDK's security architecture using Lambda Cloud primitives such as firewall rules and virtual network isolation. + +## 🔑 SSH Access Requirements + +**Lambda Labs instances must support SSH server functionality and SSH key-based authentication for Brev access.** + +### SSH Implementation +- **SSH Server**: All Lambda Labs instances have SSH server (OpenSSH) pre-installed and running +- **SSH Key Authentication**: Lambda Labs supports SSH key injection during instance creation +- **Key Management**: Public SSH keys are automatically configured in `~/.ssh/authorized_keys` +- **Access Method**: SSH provides the primary secure access method for instance managementn. --- diff --git a/internal/nebius/SECURITY.md b/internal/nebius/SECURITY.md index 914e7796..1005165e 100644 --- a/internal/nebius/SECURITY.md +++ b/internal/nebius/SECURITY.md @@ -1,6 +1,16 @@ # Nebius SECURITY.md for Brev Cloud SDK -This document explains how Nebius VMs meet Brev Cloud SDK’s security requirements using Nebius primitives like Security Groups, VPCs, and projects. +This document explains how Nebius VMs meet Brev Cloud SDK's security requirements using Nebius primitives like Security Groups, VPCs, and projects. + +## 🔑 SSH Access Requirements + +**Nebius VMs must support SSH server functionality and SSH key-based authentication for Brev access.** + +### SSH Implementation +- **SSH Server**: All Nebius VM instances include SSH server (OpenSSH) installed and running by default +- **SSH Key Authentication**: Nebius supports SSH public key injection during VM creation via metadata +- **Key Management**: SSH keys are automatically configured in the VM's `~/.ssh/authorized_keys` file +- **Security Integration**: SSH access works within the Security Group firewall rules defined for the instances. ---