Event Information

Meaning

  • The Disallowed SSH Connection Non Standard Port event in a Kubernetes cluster indicates that an attempt was made to establish an SSH connection using a non-standard port.
  • This event suggests a potential security risk as SSH connections on non-standard ports are often used to evade detection or exploit vulnerabilities.
  • To investigate this event, you can use kubectl to check the logs of the relevant pod or container to gather more information about the attempted SSH connection. For example, you can use the following command: kubectl logs <pod-name> -c <container-name>.

Remediation

To remediate the event “Disallowed SSH Connection Non Standard Port” using the Python Kubernetes API, you can follow these steps:

  1. Identify the Pod or Deployment affected by the event:

    • Use the Kubernetes API to list all Pods or Deployments in the cluster.
    • Filter the list based on the criteria mentioned in the event, such as the non-standard SSH port.
    • Identify the specific Pod or Deployment that needs remediation.
  2. Update the Pod or Deployment manifest:

    • Retrieve the manifest of the identified Pod or Deployment using the Kubernetes API.
    • Modify the manifest to remove or update the non-standard SSH port configuration.
    • Ensure that the SSH port is set to a compliant value according to your organization’s standards.
  3. Apply the updated manifest:

    • Use the Kubernetes API to apply the updated manifest to the cluster.
    • This will trigger the Kubernetes control plane to reconcile the desired state with the actual state of the Pod or Deployment.
    • The Pod or Deployment will be updated with the new SSH port configuration, remediating the event.
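
The three steps above as an added example (not part of the original page or of any project's code), using the official Python kubernetes client: it finds Deployments that declare the port reported in the event and sends a JSON Patch that sets it to the compliant value. The event port 2222, the compliant port 22, the function names and the sample manifest are assumptions made for illustration.

```python
"""Added example: find Deployments declaring the event's port and patch them."""


def plan_port_fix(manifest, event_port, compliant_port=22):
    """Return JSON Patch ops that move every containerPort == event_port
    to compliant_port; an empty list means the manifest is not affected."""
    ops = []
    containers = manifest["spec"]["template"]["spec"].get("containers", [])
    for ci, container in enumerate(containers):
        for pi, port in enumerate(container.get("ports") or []):
            if port.get("containerPort") != event_port:
                continue
            path = f"/spec/template/spec/containers/{ci}/ports/{pi}/containerPort"
            # "test" makes the patch fail if the object changed since it was read.
            ops.append({"op": "test", "path": path, "value": event_port})
            ops.append({"op": "replace", "path": path, "value": compliant_port})
    return ops


def remediate(event_port, compliant_port=22, dry_run=True):
    """Steps 1-3 against the cluster in the current kubeconfig context."""
    from kubernetes import client, config  # imported lazily: needs cluster access
    config.load_kube_config()
    apps, api_client = client.AppsV1Api(), client.ApiClient()
    changed = []
    for dep in apps.list_deployment_for_all_namespaces().items:
        # Convert the model object to the camelCase dict form of the manifest.
        manifest = api_client.sanitize_for_serialization(dep)
        ops = plan_port_fix(manifest, event_port, compliant_port)
        if not ops:
            continue
        # A list body is sent as a JSON Patch; dry_run="All" validates only.
        apps.patch_namespaced_deployment(
            dep.metadata.name, dep.metadata.namespace, ops,
            dry_run="All" if dry_run else None)
        changed.append((dep.metadata.namespace, dep.metadata.name))
    return changed


# Constructed sample manifest (not from a real cluster).
SAMPLE = {"metadata": {"name": "bastion", "namespace": "ops"},
          "spec": {"template": {"spec": {"containers": [
              {"name": "web", "ports": [{"containerPort": 8080}]},
              {"name": "sshd", "ports": [{"containerPort": 2222}]}]}}}}

if __name__ == "__main__":
    print(plan_port_fix(SAMPLE, event_port=2222))
```

containerPort is declarative: the process inside the container keeps listening on whatever its own configuration specifies, so the image or its SSH daemon configuration has to change as well. Run remediate with dry_run=True first and review the returned list before applying.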

Note: The exact implementation of the above steps may vary depending on your specific environment and requirements.