This section provides information on supported security for the Pantheon platform. Refer to the Secure Development on Pantheon guide for comprehensive security information.
Pantheon does not provide access to a shell environment over SSH. These directions allow you to have passwordless access if you configure Git, SFTP, or Drush to use SSH keys.
You should load your public SSH key into your account to take full advantage of Pantheon. SSH keys are a best practice for authentication, allowing you more security than a simple password. You only have to configure this once, no matter how many sites you work on. Refer to Generate and Add SSH Keys for more information.
Use your Pantheon Dashboard login password if you are prompted for a password when connecting to the platform.
If you login via social login (Connect with Google) or Single-Sign On (SSO) and you'd like to authenticate using a password, logout and visit https://dashboard.pantheon.io/reset-password to add a password to your account.
Larger agencies with multiple developers using password authentication to login may see access issues across the workspace. We strongly recommend using SSH keys to avoid potential authentication failures. Refer to Pantheon Workspaces FAQs more information.
IP-based security is not recommended on Pantheon (or any cloud platform) because the actual IP address where code executes from can change as application containers are migrated throughout the infrastructure.
Refer to Dynamic Outgoing IP Addresses for more information.
Advanced Global CDN can provide IP-based allowlist and blocklist features, as well as IP-based routing if you require IP address-level access control. Please contact your Customer Success Manager (CSM) or contact us for more information.
Pantheon's platform security controls include blocking most UDP traffic originating from website containers to prevent platform abuse.