Access Control Lists (ACLs)

Access Control Lists allow you to control how and from where your users access SingleJump.
With ACLs, you can restrict access to specific IP addresses, limit which users can authenticate from certain networks, and define whether access is allowed through the web interface, the SSH intermediary server, or both.

ACLs provide a strong security layer by ensuring that only approved networks and approved users can reach your SingleJump instance.


Purpose of ACLs

ACLs give you the flexibility to:

  • Allow connections only from trusted IPs or networks
  • Assign specific ACLs to specific users
  • Create global rules that apply to every user
  • Control whether access is allowed through the web interface, the SSH server, or both
  • Temporarily disable an ACL without removing it
  • Enforce strict security limits for sensitive environments

This helps prevent unauthorized access and ensures full control over user authentication paths.


Create ACL

Address *

Specifies the IP address or IP range allowed to authenticate using this ACL.

Examples:

  • 0.0.0.0/0 – allow all IPs
  • 192.168.1.10/32 – single IP
  • 192.168.1.0/24 – subnet

Only connections originating from this address or range will be permitted.


Global *

When enabled, this ACL automatically applies to all users in the system.

Use case examples:

  • Allowing full system access through a company VPN
  • Creating a general access rule for the entire organization

If disabled, only the users selected in the Users field may use this ACL.


SSH *

Enables SSH access through the SingleJump intermediary SSH server.

Disable this option if:

  • You only want users to access the web panel
  • You want to restrict SSH access to selected ACLs


Web *

Allows access to the web interface when connecting from this IP or range.

Disable this option if:

  • A user should only perform SSH operations
  • You want a machine-to-machine ACL without web login


Active *

Activates or deactivates the ACL.
When inactive, the ACL is ignored but remains saved for later use.


Users *

Select the users that can authenticate using this ACL (unless Global is enabled).

This allows you to:

  • Restrict certain ACLs to administrators
  • Give a specific user access only from a specific location


Description

Optional field used to describe the purpose of the ACL.
Examples:

  • “Office access only”
  • “Emergency maintenance ACL”
  • “VPN-only admin access”


Summary

Access Control Lists define who can access SingleJump and from where, offering precise control over authentication and user access paths.
By combining IP restrictions, user-level assignment, and access-type options, ACLs significantly enhance the security and flexibility of your SingleJump installation.

For best security practices, ACLs should never be left open (e.g., 0.0.0.0/0).
Instead, you should always create ACLs that match the specific IP addresses or networks of your users.
This ensures that only authorized locations are allowed to connect, greatly reducing the risk of unauthorized access.
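
The following Python sketch is an added example, not SingleJump's own code: it models how the Address, Global, SSH, Web, Active and Users fields described above combine into an access decision, and audits a rule set for the open ranges the summary warns against. The record layout, the "any matching ACL allows, otherwise deny" combination rule, the `max_addresses` threshold and the sample ACLs are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Acl:
    # Fields mirror the Create ACL form; this record layout is an assumption.
    address: str
    is_global: bool
    ssh: bool
    web: bool
    active: bool
    users: set = field(default_factory=set)
    description: str = ""

def is_allowed(acls, user, source_ip, channel):
    """True if any active ACL admits `user` from `source_ip` via 'ssh' or 'web'."""
    if channel not in ("ssh", "web"):
        raise ValueError("channel must be 'ssh' or 'web'")
    ip = ipaddress.ip_address(source_ip)
    for acl in acls:
        if not acl.active or not getattr(acl, channel):
            continue  # inactive ACLs are ignored; the channel flag must be enabled
        if not (acl.is_global or user in acl.users):
            continue  # non-global ACLs apply only to their selected users
        if ip in ipaddress.ip_network(acl.address, strict=False):
            return True
    return False  # assumed default: no matching ACL means no access

def audit(acls, max_addresses=1024):
    """List active ACLs that are open to all IPs or wider than max_addresses."""
    findings = []
    for acl in acls:
        if not acl.active:
            continue
        net = ipaddress.ip_network(acl.address, strict=False)
        if net.prefixlen == 0:
            findings.append((acl.description, "open to all IPs"))
        elif net.num_addresses > max_addresses:
            findings.append((acl.description, "broad range"))
    return findings

# Constructed sample ACLs (not taken from a real installation).
SAMPLE = [
    Acl("192.168.1.0/24", True, False, True, True, description="Office access only"),
    Acl("192.168.1.10/32", False, True, False, True, {"alice"}, "VPN-only admin access"),
    Acl("0.0.0.0/0", True, True, True, False, description="Emergency maintenance ACL"),
    Acl("0.0.0.0/0", False, False, True, True, {"carol"}, "Remote web login"),
]
```

Running `audit(SAMPLE)` reports only the active open rule; the inactive 0.0.0.0/0 ACL is skipped because it is ignored while disabled.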