SSH into your apps and services

In this Topic you will learn how you can build up an ssh-connection to your applications container and the dataservices. With an interactive ssh session in your app container or dataservice resource you can directly interact with your application or service. The STACKIT Cloud Foundry platform generally supports ssh connections, so you can ssh into any container or dataservice you have the access rights to.

You can learn more about the ssh-access to your application and services in the Cloud Foundry documentation.

Do you just want to try out the STACKIT Cloud Foundry for a first time, without having your actual cloud ready application prepared yet?

Then you can just use one of the sample applications the Cloud Foundry Open Source Community created for demo use cases, which you can find in their GitHub repository.

Access your application with SSH

Once you have logged into your space with the CF CLI you can easily connect to your application via SSH with the following command:

cf ssh <APPNAME>

This will directly open up an SSH connection to the first instance of your application (the application with index 0) hosted in your space.

You need to have at least the “space-developer” rights to be able to SSH into an app-container running in that space.

Additionally you can use common flags with the SSH command like -i for selecting the index of the instance you want to SSH in. You can find out more about the flags via the command cf ssh --help or in the Cloud Foundry documentation.

Access your service with SSH

In order to access your dataservice, you have to create a SSH-tunnel through your applications container. So you need to have an application hosted in the space, the dataservice is bound to.

Additionally you need to create a service access key to access your dataservice in an auditable fashion. You can create a service access key once logged in to your space via the CF CLI with the following command:

cf create-service-key <SERVICE_INSTANCE_NAME> <ACCESS_KEY_NAME>

You can afterwards retrieve your service key with the cf service-key command like in the following example:

cf service-key MY-DB EXTERNAL-ACCESS-KEY

Getting key EXTERNAL-ACCESS-KEY for service instance MY-DB as user@example.com

{
  "hostname": "us-cdbr-iron-east-01.mysql.net",
  "jdbcUrl": "jdbc:mysql://us-cdbr-iron-east-03.mysql.net/ad_b2fca6t49704585d?user=b5136e448be920\u0026password=231f435o05",
  "name": "ad_b2fca6t49704585d",
  "password": "231f435o05",
  "port": "3306",
  "uri": "mysql://b5136e448be920:231f435o05@us-cdbr-iron-east-03.mysql.net:3306/ad_b2fca6t49704585d?reconnect=true",
  "username": "b5136e448be920"
}

You can afterwards use this information from your service access key to create the SSH-tunnel through your applications container to the dataservice with the command:

cf ssh -L <LOCAL_FORWARDING_PORT>:<SERVICE_HOSTNAME>:<SERVICE_PORT> <APP_NAME>

For the example service access key given above, this command would then look like:

cf ssh -L 63306:us-cdbr-iron-east-01.mysql.net:3306 YOUR-HOST-APP

This will create the SSH-tunnel to access your dataservice through your applications container and enable you to directly interact with your services.