1 file changed +17 -0

Summary of this update

An sshHostAllowlist option that restricts which SSH hosts can be connected to has been added to the administrator settings. This setting is read only from the managed settings file, and wildcards can be used to allow connections to specific domains or hosts. It is stated that the setting applies only to the Claude Desktop app and does not affect the CLI or IDE extensions, and that the check is performed against the hostname after ~/.ssh/config resolution. Setting it to an empty array also makes it possible to disable SSH sessions entirely.

desktop +17 -0

As a feature that lets administrators restrict SSH connection destinations, the definition of the sshHostAllowlist setting and its concrete behavior have been added. The text explains in detail how to write allow patterns, compatibility with other tools, and caveats regarding network restrictions.

@@ -529,6 +529,22 @@ The following example pre-configures a single connection that opens in `~/projec
Each entry requires `id`, `name`, and `sshHost`. The `sshPort`, `sshIdentityFile`, and `startDirectory` fields are optional. Users can also add `sshConfigs` to their own `~/.claude/settings.json`, which is where connections added through the dialog are stored.
#### Restrict which SSH hosts users can connect to
Administrators can limit Desktop's SSH sessions to an approved set of hosts by adding `sshHostAllowlist` to a [managed settings](/en/settings#settings-precedence) file. When set, users can only connect to hosts whose resolved hostname matches one of the patterns. Set it to an empty array to disable SSH sessions entirely.
The following example allows connections to any host under `devboxes.example.com` and to a single named bastion host:
```json
{
"sshHostAllowlist": ["*.devboxes.example.com", "bastion.example.com"]
}
```
Patterns are case-insensitive. `*` matches any host, and `*.example.com` matches `example.com` and any subdomain. Anything else is an exact match. The check runs against the hostname after `~/.ssh/config` resolution via `ssh -G`, so `Host` aliases and `ProxyCommand`/`ProxyJump` entries are permitted as long as the resolved `HostName` matches.
`sshHostAllowlist` is read from managed settings only; values in user or project settings are ignored. Only the Claude Desktop app honors this setting; the Claude Code CLI and IDE extensions do not read it, and it does not restrict `ssh` commands run through the Bash tool. It governs which hosts the Desktop app connects to, not network egress, so pair it with your organization's network or zero-trust controls if you need a hard boundary.
## Enterprise configuration
Organizations on Team or Enterprise plans can manage desktop app behavior through admin console controls, managed settings files, and device management policies.
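Review bot: the paragraph on `~/.ssh/config` resolution should state whether only the final resolved `HostName` is evaluated or whether `ProxyJump`/`ProxyCommand` intermediate hosts are also checked, and whether a `HostName` that resolves to a bare IP address can match anything other than `*` or an exact-IP pattern. As written, "`ProxyCommand`/`ProxyJump` entries are permitted as long as the resolved `HostName` matches" leaves an administrator guessing whether the jump host is subject to the allowlist; one explicit sentence either way would close that gap. It is also worth calling out that `*.example.com` matching the apex `example.com` differs from the usual glob reading, since that is the detail most likely to surprise someone writing patterns.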
@@ -552,6 +568,7 @@ Managed settings override project and user settings and apply when Desktop spawn
| `disableAutoMode` | set to `"disable"` to prevent users from enabling [Auto](/en/permission-modes#eliminate-prompts-with-auto-mode) mode. Removes Auto from the mode selector. Also accepted under `permissions`. |
| `autoMode` | customize what the auto mode classifier trusts and blocks across your organization. See [Configure auto mode](/en/auto-mode-config). |
| `sshConfigs` | pre-configure [SSH connections](#pre-configure-ssh-connections-for-your-team) that appear in the environment dropdown. Users cannot edit or delete managed connections. |
| `sshHostAllowlist` | restrict [SSH sessions](#restrict-which-ssh-hosts-users-can-connect-to) to hosts whose resolved hostname matches one of these patterns. An empty array disables SSH sessions. Read from managed settings only. |
A managed settings file deployed to disk on each machine applies to Desktop sessions. Managed settings pushed remotely through the admin console currently reach CLI and IDE sessions only, so for Desktop deployments either distribute the file via MDM or use the [admin console controls](#admin-console-controls) above.
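Review bot: the `sshHostAllowlist` row should say how the managed settings must be delivered, because the paragraph directly below states that settings pushed remotely through the admin console reach CLI and IDE sessions only, while the earlier section says only the Desktop app honors this key. Taken together, an allowlist pushed only through the admin console has no effect anywhere; adding "deploy via an on-disk managed settings file (for example through MDM)" to the row, or a cross-reference to that paragraph, would keep an administrator from assuming the restriction is active when it is not.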