Skip to main content

Platform Security

Learn more about security support on the Pantheon platform.


This section provides information on supported security for the Pantheon platform. Refer to the Secure Development on Pantheon guide for comprehensive security information.

Authenticating

SSH Keys

Pantheon does not provide access to a shell environment over SSH. These directions allow you to have passwordless access if you configure Git, SFTP, or Drush to use SSH keys.

You should load your public SSH key into your account to take full advantage of Pantheon. SSH keys are a best practice for authentication, allowing you more security than a simple password. You only have to configure this once, no matter how many sites you work on. Refer to Generate and Add SSH Keys for more information.

Dashboard Credentials

Use your Pantheon Dashboard login password if you are prompted for a password when connecting to the platform.

Info:
Note

If you login via social login (Connect with Google) or Single-Sign On (SSO) and you'd like to authenticate using a password, logout and visit https://dashboard.pantheon.io/reset-password to add a password to your account.

Larger agencies with multiple developers using password authentication to login may see access issues across the workspace. We strongly recommend using SSH keys to avoid potential authentication failures. Refer to Pantheon Workspaces FAQs more information.

IP-Address Based Security Schemes

IP-based security is not recommended on Pantheon (or any cloud platform) because the actual IP address where code executes from can change as application containers are migrated throughout the infrastructure.

Refer to Dynamic Outgoing IP Addresses for more information.

Advanced Global CDN can provide IP-based allowlist and blocklist features, as well as IP-based routing if you require IP address-level access control. Please contact your Customer Success Manager (CSM) or contact us for more information.

UDP

Pantheon's platform security controls include blocking most UDP traffic originating from website containers to prevent platform abuse.

More Resources