Configuring SSH Access for PCF
Page last updated:
To help troubleshoot applications hosted by a deployment, Pivotal Cloud Foundry (PCF) supports SSH access into running applications. This document describes how to configure a PCF deployment to allow SSH access to application instances, and how to configure load balancing for those application SSH sessions.
This section describes how to configure Elastic Runtime to enable or disable deployment-wide SSH access to application instances. Space administrators and app developers and can also control SSH access to the space and app scope, respectively. See Application SSH Overview for details on SSH access permissions.
To configure Elastic Runtime SSH access for application instances:
Open the Pivotal Elastic Runtime tile in Ops Manager.
Under the Settings tab, select the Application Containers section.
Enable or disable the Allow SSH access to app containers checkbox.
If you are using HAProxy as a load balancer and SSH access is enabled, SSH requests are load balanced by HAProxy. This configuration relies on the presence of the same consul server cluster that Diego components use for service discovery. This configuration also works well for deployments where all traffic on the system domain and its subdomains is directed towards the HAproxy job, as is the case for a BOSH-Lite Cloud Foundry deployment on the default
For AWS deployments, where the infrastructure offers load-balancing as a service through ELBs, the deployment operator can provision an ELB to balance load across the SSH proxy instances. You should configure this ELB to listen to TCP traffic on the port given in
app_ssh.port and to send it to port 2222.
In order to register the SSH proxies with this ELB, you should then add the ELB identifier to the
elbs property in the
cloud_properties hash of the Diego manifest
access_zN resource pools. If you used the spiff-based manifest-generation templates to produce the Diego manifest, specify these
cloud_properties hashes in the
iaas_settings.resource_pool_cloud_properties section of the