Hello,

according to https://docs.cloudfoundry.org/devguide/deploy-apps/app-ssh-overview.html#ssh-access-control-hierarchy there are 3 levels of configuration to enable/disable ssh access to apps running on Diego:


- Entire deployment: I guess this translates to the configuration property cc.allow_app_ssh_access [1]

- Space: cf allow-space-ssh/disallow-space-ssh

- Application: cf enable-ssh/disable-ssh

When cc.allow_app_ssh_access=true, is there a way to configure the default value for enable-ssh on space and application level? My observation is that ssh is always enabled by default. I would like to have ssh disabled by default so that space admins and developers have to enable it explicitly.

Best regards,
Stephan


[1] https://github.com/cloudfoundry/cloud_controller_ng/blob/654e39c6d22f99e75ba0833236c5e6a3f12ad967/bosh/jobs/cloud_controller_ng/spec#L522