Re: Enable/disable ssh access

Nicholas Calugar

Your assessment is correct. It seems like we could use another
configuration, like default_app_ssh_access that would be added to the line
you linked:

Would anyone be willing to submit a PR for this?

Nicholas Calugar

On November 10, 2016 at 10:07:25 AM, Noburou TANIGUCHI (dev(a)

It seems that, with the current implementation, there's no way to disable
by default while configuring `cc.allow_app_ssh_access` as true.

It is since the default value of `allow_ssh` for a space is true [1], and
the value of `enable_ssh` for an app becomes true if it is nil
and`cc.allow_app_ssh_access`and space.allow_ssh` is true [2].


Grifalconi, Michael wrote
Hi, I sent the same question (in a less formal way) a couple of days ago


no answer yet

From: "Merker, Stephan" <
Reply-To: "Discussions about Cloud Foundry projects and the system
overall." <
Date: Thursday, 10 November 2016 at 14:38
To: "
" <
Subject: [cf-dev] Enable/disable ssh access


according to
there are 3 levels of configuration to enable/disable ssh access to apps
running on Diego:

- Entire deployment: I guess this translates to the configuration
property cc.allow_app_ssh_access [1]

- Space: cf allow-space-ssh/disallow-space-ssh

- Application: cf enable-ssh/disable-ssh

When cc.allow_app_ssh_access=true, is there a way to configure the
value for enable-ssh on space and application level? My observation is
that ssh is always enabled by default. I would like to have ssh disabled
by default so that space admins and developers have to enable it

Best regards,


Hello all,

We would like to enable Diego SSH as an option that can be set by the
developer on his application but currently it is enabled by default and
the developer have to take action to disable the service for his
application with the command `cf enable-ssh|disable-ssh`.

Is it possible to change the default to ‘disabled’ and still allow
developer to enable it?




I'm not a ...
View this message in context:
Sent from the CF Dev mailing list archive at

Join { to automatically receive all group messages.