forked from pivotal-cf/docs-ops-guide
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig-ssh.html.md.erb
34 lines (18 loc) · 2.29 KB
/
config-ssh.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
---
title: Configuring SSH Access for Pivotal Platform
owner: Diego
---
<% current_page.data.title = "Configuring SSH Access for " + vars.product_name %>
To help troubleshoot applications hosted by a deployment, [<%= vars.first_product_name %>](https://network.pivotal.io/products/pivotal-cf) supports SSH access into running applications. This document describes how to configure a <%= vars.product_name %> deployment to allow SSH access to application instances, and how to configure load balancing for those application SSH sessions.
## <a id='diego-configuration'></a> Pivotal Application Service Configuration
This section describes how to configure Pivotal Application Service (PAS) to enable or disable deployment-wide SSH access to application instances. In addition to this deployment-wide configuration, Space Managers have SSH access control over their Space, and Space Developers have SSH access control over their to their Applications. For details about SSH access permissions, see the [Application SSH Overview](../devguide/deploy-apps/app-ssh-overview.html) topic.
To configure PAS SSH access for app instances:
1. Open the PAS tile in Ops Manager.
1. Under the **Settings** tab, select the **Application Containers** section.
1. Enable or disable the **Allow SSH access to app containers** checkbox.
1. Optionally, select **Enable SSH when an app is created** to enable SSH access for new apps by default in spaces that allow SSH. If you deselect this checkbox, developers can still enable SSH after pushing their apps by running `cf enable-ssh APP-NAME`.
<%= image_tag("./images/docker-registry-ert.png") %>
## <a id="ssh-load-balancer-configuration"></a> SSH Load Balancer Configuration
For IaaSes where load-balancing is available as a service, you should provision a load balancer to balance load across SSH proxy instances. Configure this load balancer to forward incoming TCP traffic on port `2222` to a target pool where you deploy `diego_brain` instances.
For AWS, Azure, and GCP IaaSes, you configure SSH load balancers in the **Resource Config** pane. To register SSH proxies with a load balancer, enter your load balancer name in the **Load Balancers** field in the **Diego Brain** row.
Ops Manager supports an API-only `nsx_lbs` field. You can configure load balancers in vSphere using this field.