When Diego was made the default runtime on PWS in October 2015, a number
of things changed in the cf cli behaviour which at that point in time was
bumped to 6.13.0. cf files stopped working & cf ssh became a cf cli
built-in, not a Diego plugin add-on.

To get cf ssh working with Diego apps deployed on PWS, cf login had to be
run with the --sso flag. I know this with absolute certainty because we
ended up changing some of the CF training material for the Berlin CF
Summit. This is the commit
<https://github.com/CloudCredo/training-cf-zero-to-hero/commit/582fcae8d330c2a6b0b95580dc6f70b1ee6d98b4>
that captured the initial training material changes and, after discussing
the Diego / cf ssh situation with PWS support, this commit
<https://github.com/CloudCredo/training-cf-zero-to-hero/commit/ea87036c0c66ca84de5f3f1b52bb3f14ac9e5d69>
changed the "Not fully integrated into PWS yet" to "Not publicly announced
on PWS yet".

I have just re-run the steps with the CF training debug app against PWS
*without* the --sso flag

cf login -a api.run.pivotal.io -u gerhard(a)...
cd 06-debugging/debug-app
cf p
cf ssh debug-app
vcap(a)9o0gc0qe8rh:~$

I can confirm that cf ssh works with the regular login, the --sso flag is
no longer required when logging in
<https://github.com/CloudCredo/training-cf-zero-to-hero/commit/8671431949cff803b98b5a6c3f48df761bd0998d>
.

Thanks, Gerhard.


On Thu, Jan 7, 2016 at 7:36 PM, Daniel Mikusa <dmikusa(a)pivotal.io> wrote:

On Thu, Jan 7, 2016 at 1:48 PM, Kris Hicks <khicks(a)pivotal.io> wrote:

It sounds like we should make some changes to remove some of the anguish
Juan Antonio has gone through:

* Update
https://docs.pivotal.io/pivotalcf/customizing/diego-ssh/access-apps.html to
include the notice that the plugin is only for CLI v6.12.4 and older

+1

* Update cf files help text to say it only works for DEAs

+1

* Update cf files to only work when the targeted space has SSH enabled

+1, but I think you mean `cf ssh` not `cf files`, right?

* Update cf ssh help text to say it only works for Diego

+1

* Update cf ssh's error message when login fails due to not having
logged in with a token, if possible

I don't agree with this one. @gerhard - can you expand on your comment.

Dan

I've copied the CLI PM, Dies Koper, to get these stories created.

KH


On Fri, Jan 8, 2016 at 4:19 AM, Gerhard Lazu <gerhard(a)cloudcredo.com>
wrote:

You need to cf login with a token - not the password - for cf ssh to
work. cf h login will tell you the exact flag to use for token login.

Gerhard


On Thursday, 7 January 2016, Juan Antonio Breña Moral <
bren(a)juanantonio.info> wrote:

Yes, debugging CLI I think that the problem is in this REST call:

GET /login?code=4xCqgC HTTP/1.1
Host: uaa.run.pivotal.io
User-Agent: Go-http-client/1.1
Referer:
https://uaa.run.pivotal.io/oauth/authorize?client_id=ssh-proxy&grant_ty
pe=authorization_code&response_type=code
<https://uaa.run.pivotal.io/oauth/authorize?client_id=ssh-proxy&grant_type=authorization_code&response_type=code>
Accept-Encoding: gzip



RESPONSE: [2016-01-07T15:05:43+01:00]
HTTP/1.1 302 Found

FAILED
Error: SSH session allocation failed: ssh: unexpected packet in
response to chan
nel open: <nil>
FAILED
Error: SSH session allocation failed: ssh: unexpected packet in
response to chan
nel open: <nil>

Juan Antonio