User access to clusters

CDP provides security mechanisms when you access clusters.

Access via SSH

There are two levels of SSH access to clusters:
  • The CDP administrator who creates an environment provides a public SSH key. CDP adds the public key to the authorized_keys file on each node in the cluster. The corresponding private SSH key can be used for root-level access to all clusters created within the environment.
  • Other users can access the clusters by providing their FreeIPA password, but they do not have root-level access.

In order for you to obtain SSH access to resources, port 22 must be open for inbound access from your CIDR IP range on the security groups. If you are using the out-of-the-box security group settings, port 22 is open for inbound access from the CIDR IP range that you specify during environment creation. If you are providing your own security groups, you must open port 22 to allow inbound access from your CIDR IP range.

Access to Cloudera Manager and other UIs

Access to Cloudera Manager and other cluster UIs and endpoints (such as JDBC) is always via the secure Knox gateway on port 443. Users are automatically logged in with their CDP credentials.