docs: firewall rule for ssh-debug

canonical · Jan 29, 2024 · 391eae0 · 391eae0
1 parent 5dd54ed
commit 391eae0
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/docs/explanation/ssh-debug.md b/docs/explanation/ssh-debug.md
@@ -10,3 +10,9 @@ by default on [tmate-ssh-server charm](https://charmhub.io/tmate-ssh-server/).
 Authorized keys are registered via [action-tmate](https://github.com/canonical/action-tmate/)'s
 `limit-access-to-actor` feature. This feature uses GitHub users's SSH key to launch an instance
 of tmate session with `-a` option, which adds the user's SSH key to `~/.ssh/authorized_keys`.
+
+### Firewall rules
+
+By default, if there are any overlapping IPs within the `denylist` config option with the IP
+assigned to `tmate-ssh-server`, an exception to that IP will be made so that the `debug-ssh`
+relation can be setup correctly.