> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Read ssh information

### Event Information

#### Meaning

* The "Read SSH Information" event indicates that SSH-related information has been accessed or read within a container in your Kubernetes cluster.
* This could signify unauthorized access or exposure of sensitive SSH credentials or configurations, which can pose a significant security risk if not addressed promptly.
* To investigate this event, you should identify the pod and container involved, review logs for suspicious activity, and assess the potential impact on your security posture.

#### Remediation

1. Identify the affected pod: Use the following command to get the pod name where the event occurred:
   ```
   kubectl get events --field-selector reason=ReadSshInfoUsingPythonKubernetesApi
   ```

2. Delete the affected pod: Once you have identified the pod, delete it using the following command:
   ```
   kubectl delete pod <pod-name>
   ```

3. Update the deployment: If the pod is part of a deployment, update the deployment to create a new pod. This will ensure that the application continues to run:
   ```
   kubectl rollout restart deployment <deployment-name>
   ```

4. Audit Security Configurations:
   * Ensure that SSH configurations and credentials are stored securely and not accessible within containers. Avoid mounting sensitive information into containers unnecessarily.

Note: Make sure to investigate the root cause of the event and implement necessary security measures to prevent unauthorized access to SSH information in the future.
