From 0fa55e4a92966f0f3d729d9fdc06962da1dad82f Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 22:47:24 +0000 Subject: [PATCH 1/2] Update documentation with SSH requirements and Ubuntu 22 support - Add SSH server requirements and SSH key authentication to SECURITY.md - Specify Ubuntu 22 as currently supported OS in README.md - Include SSH access method requirements in platform support section Co-Authored-By: Alec Fong --- README.md | 6 ++++++ docs/SECURITY.md | 20 +++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5384f3c8..cdf63981 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,12 @@ See [SECURITY.md](docs/SECURITY.md) for complete security specifications and imp - Cloud provider implementations are internal-only for now - `v2` will be shaped by feedback and contributions from the community +## Platform Support + +- **Operating System**: Currently supports Ubuntu 22 only +- **Architecture**: Designed for GPU-accelerated compute workloads +- **Access Method**: Requires SSH server and SSH key-based authentication + --- ## Who This Is For diff --git a/docs/SECURITY.md b/docs/SECURITY.md index ee027291..caec7711 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -2,6 +2,24 @@ This document outlines the security requirements and best practices for implementing cloud integrations with the Brev Compute SDK. If the cloud provider has a different security model, please indicate in the providers SECURITY.md file. +## 🔑 SSH Access Requirements + +**Brev depends on SSH server functionality and SSH key-based authentication for instance access.** + +### SSH Server Requirements + +1. **SSH Server**: All instances must have an SSH server running and accessible +2. **SSH Key Authentication**: Instances must support SSH key-based authentication +3. **Key Injection**: The SDK must support passing SSH public keys during instance creation +4. **Secure Access**: SSH access provides the primary method for secure instance management and user access + +**Implementation Requirements:** + +- SSH server (OpenSSH or equivalent) must be installed and running on all instances +- SSH key pairs must be supported for authentication +- Public keys must be injectable during instance provisioning +- SSH access must be available through the configured firewall rules + ## 🌐 Network Security Requirements ### Network Requirements @@ -118,4 +136,4 @@ For security issues, vulnerabilities, or questions: --- -**Note**: This document is a living document and will be updated as security requirements evolve. All cloud integrations must comply with these requirements to ensure the security and integrity of the Brev Compute SDK ecosystem. \ No newline at end of file +**Note**: This document is a living document and will be updated as security requirements evolve. All cloud integrations must comply with these requirements to ensure the security and integrity of the Brev Compute SDK ecosystem. \ No newline at end of file From a91aa5b2fff49ad7bc900f0d6c730747a20c6d6d Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 22:52:42 +0000 Subject: [PATCH 2/2] Add SSH requirements to provider-specific security documentation - Add SSH server requirements to Lambda Labs SECURITY.md - Add SSH server requirements to Nebius SECURITY.md - Add SSH server requirements to FluidStack SECURITY.md - Ensure consistency with main docs/SECURITY.md SSH requirements Co-Authored-By: Alec Fong --- internal/fluidstack/v1/SECURITY.md | 10 ++++++++++ internal/lambdalabs/SECURITY.md | 12 +++++++++++- internal/nebius/SECURITY.md | 12 +++++++++++- 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/internal/fluidstack/v1/SECURITY.md b/internal/fluidstack/v1/SECURITY.md index 9a79af26..235eca2e 100644 --- a/internal/fluidstack/v1/SECURITY.md +++ b/internal/fluidstack/v1/SECURITY.md @@ -2,6 +2,16 @@ This document outlines FluidStack's security capabilities and compliance with Brev's security requirements. +## 🔑 SSH Access Requirements + +**FluidStack instances must support SSH server functionality and SSH key-based authentication for Brev access.** + +### SSH Implementation Status +- **SSH Server**: FluidStack instances include SSH server (OpenSSH) pre-installed and running +- **SSH Key Authentication**: FluidStack supports SSH public key injection during instance provisioning +- **Key Management**: Public SSH keys are configured in `~/.ssh/authorized_keys` during instance setup +- **Network Access**: SSH access operates within FluidStack's project-level network isolation model + ## ✅ FULLY COMPLIANT ### Disk Encryption diff --git a/internal/lambdalabs/SECURITY.md b/internal/lambdalabs/SECURITY.md index 2b3395f7..c55386b2 100644 --- a/internal/lambdalabs/SECURITY.md +++ b/internal/lambdalabs/SECURITY.md @@ -1,6 +1,16 @@ # Lambda Labs SECURITY.md for Brev Cloud SDK -This document outlines how the Lambda Labs integration complies with Brev Cloud SDK’s security architecture using Lambda Cloud primitives such as firewall rules and virtual network isolation. +This document outlines how the Lambda Labs integration complies with Brev Cloud SDK's security architecture using Lambda Cloud primitives such as firewall rules and virtual network isolation. + +## 🔑 SSH Access Requirements + +**Lambda Labs instances must support SSH server functionality and SSH key-based authentication for Brev access.** + +### SSH Implementation +- **SSH Server**: All Lambda Labs instances have SSH server (OpenSSH) pre-installed and running +- **SSH Key Authentication**: Lambda Labs supports SSH key injection during instance creation +- **Key Management**: Public SSH keys are automatically configured in `~/.ssh/authorized_keys` +- **Access Method**: SSH provides the primary secure access method for instance managementn. --- diff --git a/internal/nebius/SECURITY.md b/internal/nebius/SECURITY.md index 914e7796..1005165e 100644 --- a/internal/nebius/SECURITY.md +++ b/internal/nebius/SECURITY.md @@ -1,6 +1,16 @@ # Nebius SECURITY.md for Brev Cloud SDK -This document explains how Nebius VMs meet Brev Cloud SDK’s security requirements using Nebius primitives like Security Groups, VPCs, and projects. +This document explains how Nebius VMs meet Brev Cloud SDK's security requirements using Nebius primitives like Security Groups, VPCs, and projects. + +## 🔑 SSH Access Requirements + +**Nebius VMs must support SSH server functionality and SSH key-based authentication for Brev access.** + +### SSH Implementation +- **SSH Server**: All Nebius VM instances include SSH server (OpenSSH) installed and running by default +- **SSH Key Authentication**: Nebius supports SSH public key injection during VM creation via metadata +- **Key Management**: SSH keys are automatically configured in the VM's `~/.ssh/authorized_keys` file +- **Security Integration**: SSH access works within the Security Group firewall rules defined for the instances. ---