Re: Enable/disable ssh access

Home Messages Hashtags Subgroups

#6039

Re: Enable/disable ssh access

Nicholas Calugar #6039 Your assessment is correct. It seems like we could use another configuration, like default_app_ssh_access that would be added to the line you linked: https://github.com/cloudfoundry/cloud_controller_ng/blob/f2b4118fb23665d8f021ef2f82de9952c563cddd/app/models/runtime/app.rb#L274 Would anyone be willing to submit a PR for this? -- Nicholas Calugar toggle quoted message Show quoted text On November 10, 2016 at 10:07:25 AM, Noburou TANIGUCHI (dev(a)nota.m001.jp) wrote: It seems that, with the current implementation, there's no way to disable ssh by default while configuring `cc.allow_app_ssh_access` as true. It is since the default value of `allow_ssh` for a space is true [1], and the value of `enable_ssh` for an app becomes true if it is nil and`cc.allow_app_ssh_access`and space.allow_ssh` is true [2]. [1] https://github.com/cloudfoundry/cloud_controller_ng/blob/f2b4118fb23665d8f021ef2f82de9952c563cddd/app/controllers/runtime/spaces_controller.rb#L12 [2] https://github.com/cloudfoundry/cloud_controller_ng/blob/f2b4118fb23665d8f021ef2f82de9952c563cddd/app/models/runtime/app.rb#L274 Grifalconi, Michael wrote Hi, I sent the same question (in a less formal way) a couple of days ago :) (attached) no answer yet From: "Merker, Stephan" < stephan.merker@ > Reply-To: "Discussions about Cloud Foundry projects and the system overall." < cf-dev(a).cloudfoundry > Date: Thursday, 10 November 2016 at 14:38 To: " cf-dev(a).cloudfoundry " < cf-dev(a).cloudfoundry > Subject: [cf-dev] Enable/disable ssh access Hello, according to https://docs.cloudfoundry.org/devguide/deploy-apps/app-ssh-overview.html#ssh-access-control-hierarchy there are 3 levels of configuration to enable/disable ssh access to apps running on Diego: - Entire deployment: I guess this translates to the configuration property cc.allow_app_ssh_access [1] - Space: cf allow-space-ssh/disallow-space-ssh - Application: cf enable-ssh/disable-ssh When cc.allow_app_ssh_access=true, is there a way to configure the default value for enable-ssh on space and application level? My observation is that ssh is always enabled by default. I would like to have ssh disabled by default so that space admins and developers have to enable it explicitly. Best regards, Stephan [1] https://github.com/cloudfoundry/cloud_controller_ng/blob/654e39c6d22f99e75ba0833236c5e6a3f12ad967/bosh/jobs/cloud_controller_ng/spec#L522 Hello all, We would like to enable Diego SSH as an option that can be set by the developer on his application but currently it is enabled by default and the developer have to take action to disable the service for his application with the command `cf enable-ssh\|disable-ssh`. Is it possible to change the default to ‘disabled’ and still allow developer to enable it? Thanks Best, Michael ----- I'm not a ... Noburou TANIGUCHI -- View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-Enable-disable-ssh-access-tp6088p6091.html Sent from the CF Dev mailing list archive at Nabble.com. attachment.html
More All Messages By This Member

View All 5 Messages In Topic

#6039

Join {cf-dev@lists.cloudfoundry.org to automatically receive all group messages.

Home Hashtags Subgroups Terms