Node Security
Use this page to manage the security controls that are attached to an existing node in MyAccount.
These controls are not only general security concepts. They are E2E-managed node settings, add-ons, and access workflows that change how the node can be reached, protected, recovered, or monitored from the portal.
Shared action availability reasons are maintained in one place. If a security action is hidden, disabled, or rejected, see Action Availability.
Open Node Security Controls
Most node security actions start from the same place:
- Log in to MyAccount.
- Go to Compute > Nodes.
- Find the node you want to manage.
- Open the node details page or the node action menu.
- For tab-based controls, open Node Security or Security Group on the node details page. For protection, recovery, and compliance actions, use the node action menu.
- Review each confirmation dialog and confirm only after checking the node name.
SSH Keys and Password Access
E2E uses node access controls to help you reach the operating system after the node is created. Linux nodes commonly use SSH keys, while Windows nodes commonly use password-based access. Some Linux flows can also support password access depending on the selected image and account flow.
Manage SSH Keys
SSH key management stores the public key in MyAccount and applies the selected key context to supported Linux node access. Your private key is never uploaded to E2E.
To add or replace SSH keys for a node:
- Open the Node Security tab for the selected node.
- In SSH Keys, select the add icon.
- From Select Keys, choose one or more existing SSH keys.
- Select the check icon to submit the selected keys.
- If you need a new key, select Add SSH Key.
- Enter a key name, then either load a
.pubfile or paste the public key text. - Select Add key.
- Use the matching private key from your local machine when connecting to the node.
Adding an SSH key during node creation is optional in supported flows. If you lose access later, add a new SSH key from the node security controls where the action is available.
The portal can also show a view action for attached SSH keys. Use it to copy or download the public key text already associated with the node.
To remove an SSH key where the portal allows removal:
- Open the Node Security tab.
- In SSH Keys, select the remove icon next to the key.
- Review the Remove SSH Key confirmation.
- Select Confirm only after you verify that access through this key is no longer required.
Removing a key can prevent users who depend on that key from accessing the node.
Update Password Access
Password actions are used for supported node types where MyAccount allows password update or credential refresh.
To update a node password where the action is available:
- Open the Node Security tab for the selected Windows node.
- Select Click here to change the node password.
- Enter the new password.
- Enter the same value in Confirm Password.
- Select the check icon to submit the password change, or select the clear icon to cancel.
- Use the updated credential through the supported Windows access flow after the change is complete.
The password form requires the password and confirmation to match. The portal validates the password format before allowing submission.
After node creation, password or access credential details are sent to the registered email address for supported node types.
For connection steps, see:
| Resource | Use it for |
|---|---|
| Connect to a Linux node | SSH access and Linux login steps. |
| Connect to a Windows node | RDP and Windows credential access. |
Security Groups
Security groups are E2E-managed network rule sets applied to node traffic. They decide which inbound and outbound connections are allowed before traffic reaches the node operating system.
Every account has a default security group. You usually create or attach a custom security group only when you need stricter access rules, such as limiting SSH or RDP to trusted source IP ranges.
Use security groups to:
- Restrict SSH and RDP access.
- Open web ports such as HTTP and HTTPS.
- Limit database or application ports to trusted networks.
- Keep node exposure aligned with public IP, Add-on IP, IPv6, and VPC configuration.
To review or change the security group attached to a node:
- Open the Security Group tab for the selected node.
- Review the attached security groups.
- Expand a security group to inspect Inbound Rules and Outbound Rules.
- To edit a security group, select the edit icon and update the rule set from the Security Groups page.
Attach a Security Group
Use this flow when you want to add another security group to the node:
- Select Attach Security Group.
- In the attach field, search for and select one or more available security groups.
- Select the check icon to attach the selected groups.
- Wait for the tab to refresh and confirm that the security groups are listed.
If no more security groups are available, the portal shows a link to create a new security group.
Detach a Security Group
Use this flow when you want to remove a security group from the node:
- Find the attached security group.
- Select Detach.
- In the Detach Security Group dialog, review the security group name.
- Select Confirm.
- Wait for the tab to refresh and confirm that the security group is removed.
At least one security group is mandatory. If only one security group is attached, attach another security group before detaching the current one.
Allow All Traffic Temporarily
Use Allow All Traffic only when you need to troubleshoot conflicts between operating system firewall rules and security group rules:
- Open the Security Group tab.
- Select Allow All Traffic.
- Confirm the action in the portal flow.
- Restore stricter inbound and outbound rules after you identify the issue.
Do not leave a production node in an allow-all state longer than needed.
Security group rules work with, not instead of, the operating system firewall. If a port is allowed in the security group but still unreachable, check the firewall and service listener inside the node.
For rule management, see Security Groups.
Manage a BitNinja License
Use the Node Security tab to buy, activate, terminate, or reactivate a BitNinja license for a node.
To manage a BitNinja license:
- In the Node Security tab, go to the BitNinja license area.
- Choose the required action:
- Select Click here to buy when the license is not active.
- Select Click here to terminate when the license is active.
- If the node does not have a public IP, select the link to assign a public IP from the Network tab first.
- Review the confirmation dialog:
- For purchase or activation, check the monthly license charge.
- For termination or deactivation, review the warning that BitNinja protection benefits stop after the license is terminated.
- Select Buy or Terminate.
- After purchase, follow the activation email sent by E2E.
After buying or activating a BitNinja license, check your registered email for activation instructions sent by E2E and complete the required setup steps on the selected node.
After terminating or deactivating a BitNinja license, follow the BitNinja uninstall guidance if you also need to remove BitNinja packages from the operating system.
If you enable BitNinja again later, MyAccount treats it as a new license purchase for that node.
Accidental Protection
Accidental Protection is an E2E node-level safety setting. When it is enabled, MyAccount protects the node from destructive actions such as delete or reinstall.
Use it for production nodes, shared team nodes, and nodes with data that should not be removed without an intentional protection change.
Manage Accidental Protection
To turn Accidental Protection on or off:
- Open the node action menu.
- Select Enable Accidental Protection or Disable Accidental Protection, depending on the current state.
- In the confirmation dialog, verify the node name.
- Select Enable or Disable.
- Wait for the portal to update the protection state.
Enabling Accidental Protection does not stop or restart the node. It changes which destructive management actions MyAccount allows for that node.
Disable Accidental Protection only when you intentionally need to delete, reinstall, or perform another protected operation. Re-enable it afterward if the node should remain protected.
Recovery Mode
Recovery Mode is an E2E recovery workflow for supported Linux nodes. It starts a powered-off node in a recovery environment so you can inspect or repair operating system access, boot issues, filesystem problems, or configuration mistakes.
Recovery Mode is a repair workflow. Create a backup or snapshot before changing disk data whenever possible.
Use Recovery Mode
To enable, use, and then disable Recovery Mode:
- Shut down the workload cleanly from inside the operating system if possible.
- Power off the node from MyAccount.
- Open the node action menu.
- Select Enable Recovery Mode.
- Confirm the Enable Recovery Mode dialog.
- Wait while the portal shows the recovery mode action as in progress.
- Use the available console or supported access path to repair the node.
- After repair work is complete, power off the node again if required.
- Open the node action menu and select Disable Recovery Mode.
- Confirm the Disable Recovery Mode dialog.
- Start the node normally.
If MyAccount tells you that the node must be powered off before enabling or disabling Recovery Mode, power off the node first and then repeat the action.
Do not leave a node in Recovery Mode after the repair is complete. Disable Recovery Mode before returning the workload to normal operation.
Security Compliance
Security Compliance is an E2E-managed monitoring service for eligible nodes. It provides node-level security monitoring, integrity checks, threat visibility, and a Compliance Dashboard from MyAccount.
When you enable it, MyAccount starts the compliance service for the selected node, records the billing activation, and shows the registration information needed to connect the node to the compliance service. When you disable it, monitoring and billing for that node stop.
Enable, Connect, or Disable Security Compliance
To enable Security Compliance:
- Open the node action menu.
- Select Enable Security Compliance.
- Review the monthly per-node charge in the confirmation dialog.
- Select the acknowledgement checkbox to start Security Compliance for the node.
- Select Enable.
- Copy the portal-generated commands for the node operating system or package manager.
- Run those commands inside the node with the required administrative privileges.
- Open the Compliance Dashboard after the node connects.
Use the commands shown in your MyAccount session. They include node-specific registration details and should not be copied from another node or another account.
To disable Security Compliance:
- Open the node action menu.
- Select Disable Security Compliance.
- In the Disable Security Compliance dialog, verify the node name.
- Select Disable.
- Wait for MyAccount to stop monitoring the node.
Disabling Security Compliance does not delete the node, stop the node, or remove your application data. It stops the E2E compliance monitoring service for that node.
Locking and Security Controls
Lock Node, Accidental Protection, and Security Compliance protect different parts of node management. Use them together only when the node needs that level of control.
| Control | What changes in MyAccount |
|---|---|
| Lock Node | Most mutating node actions are restricted until the node is unlocked. |
| Accidental Protection | Destructive actions such as delete and reinstall require protection to be disabled first. |
| Security groups | Network traffic rules are applied before traffic reaches the node. |
| Recovery Mode | The node starts in a repair environment until Recovery Mode is disabled. |
| Security Compliance | The node is enrolled in E2E compliance monitoring and appears in the Compliance Dashboard after agent connection. |
| BitNinja license | The node receives a paid BitNinja license workflow and activation guidance. |
For lock and unlock steps, see Node Actions.
Related Resources
| Resource | Use it for |
|---|---|
| Manage Nodes | Return to the node management overview. |
| Node Network | Review public IPs, Add-on IPs, IPv6, VPCs, and network exposure. |
| Node Actions | Manage lifecycle, lock, delete, reinstall, and power actions. |
| Action Availability | Check shared reasons node actions are hidden, disabled, or rejected. |
| Node Images | Understand saved image and reinstall behavior around nodes. |
| Node Snapshots | Understand snapshot behavior around nodes. |
| Encryption | Understand node encryption behavior and operational impact. |
| Security Groups | Configure network firewall rule sets. |
| BitNinja | Use the BitNinja server security add-on. |