How to start ssh inside warden container?


7192...@qq.com

Dec 30, 2013, 6:09:46 AM
to vcap...@cloudfoundry.org
After running the command, go into the warden container:
/var/vcap/data/warden/depot/17eb2tiu690/bin/iomux-spawn /var/vcap/data/warden/depot/17eb2tiu690/jobs/717 /var/vcap/data/warden/depot/17eb2tiu690/bin/wsh --socket /var/vcap/data/warden/depot/17eb2tiu690/run/wshd.sock --user vcap /bin/bash

Inside the warden container, I want to start ssh: service ssh start
but there is an error:
start: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused

How to start ssh inside warden container?

James Bayer

Dec 30, 2013, 11:34:03 AM
to vcap...@cloudfoundry.org
ssh is not a supported service to expose to end users for cloud foundry end-users. we recommend bosh ssh for operators.

for hacking on the cf codebase, i've heard of some developers having success playing with dropbear [1]. you'll have to make sure there is a network path to the ssh server, which CF doesn't do by default as there is only a single port opened per warden container and that maps to a network address translation. the key question is what is your use case?


--
Thank you,

James Bayer

7192...@qq.com

Dec 30, 2013, 8:13:31 PM
to vcap...@cloudfoundry.org
Thanks for your advice.
My use case is that I need the warden containers to communicate with ssh, so I want to start an ssh server inside the warden container.

Wayne E. Seguin

Dec 31, 2013, 9:37:32 AM
to vcap...@cloudfoundry.org
You could create an 'ssh-buildpack' which provides an ssh daemon within the /var/vcap/ path; your only requirement is that it's available to the code running?

Dr Nic Williams

Dec 31, 2013, 10:05:59 AM
to vcap...@cloudfoundry.org
Thoughts on how ssh sessions will be passed through the router? 

Afaik the gorouter must receive an HTTP request and can then "downgrade" to a TCP connection via a specific Header. The router also now only passes a single port to each warden container (I thought it used to be 3 ports - app, debug, console). So you may have to reuse the same port as being used by the app.

Dan Higham

Dec 31, 2013, 11:00:42 AM
to vcap...@cloudfoundry.org
Are you just after console access to a warden container?


--
Kind Regards

Dan Higham
Pivotal Support

David Laing

Jan 2, 2014, 12:32:04 PM
to vcap-dev

I've successfully made an outward ssh connection from inside a warden container, to set up an ssh tunnel to a third party service.

It was simply a case of getting my app to spawn ssh.

See https://github.com/cityindex/logsearch-purge-bot/blob/master/src/PurgeBot/start_ssh_tunnel.rb

I doubt you will have any success supporting incoming ssh sessions; the environment's firewall rules, routing and design pattern are working against you at every step.

A better path is to implement something that can stream console commands over websockets. James posted an experiment in that direction - https://groups.google.com/a/cloudfoundry.org/forum/m/#!topic/vcap-dev/0Ow9ev0xgvQ

:D
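
The outbound tunnel approach described in the message above, sketched as an added example (it is not part of the original post and is not the code in the linked start_ssh_tunnel.rb): the app builds the ssh argument vector, pins host-key checking to a known_hosts file, and spawns ssh without going through a shell. The function names, host, user, ports and file paths are hypothetical.

```ruby
# Added example: spawn an outbound ssh tunnel from app code inside a container.
# All hosts, users, ports and paths used with these functions are hypothetical.

# Build the argv for `ssh -N -L ...`. Returning an array (not a string) lets
# Process.spawn exec ssh directly, so no shell ever parses these values.
def tunnel_argv(user:, host:, local_port:, remote_host:, remote_port:,
                key_path:, known_hosts:, ssh_port: 22)
  [local_port, remote_port, ssh_port].each do |p|
    ok = p.is_a?(Integer) && (1..65_535).cover?(p)
    raise ArgumentError, "bad port: #{p.inspect}" unless ok
  end
  # Reject values ssh could read as an option (leading '-') or that contain
  # characters outside a plain hostname / username.
  [user, host, remote_host].each do |v|
    ok = v.is_a?(String) && v.match?(/\A[A-Za-z0-9_][A-Za-z0-9._-]*\z/)
    raise ArgumentError, "bad name: #{v.inspect}" unless ok
  end

  [
    "ssh", "-N",                        # forwarding only, no remote command
    "-p", ssh_port.to_s,
    "-i", key_path,
    "-o", "IdentitiesOnly=yes",         # offer only the key given with -i
    "-o", "BatchMode=yes",              # never prompt; fail instead
    "-o", "StrictHostKeyChecking=yes",  # refuse unknown or changed host keys
    "-o", "UserKnownHostsFile=#{known_hosts}",
    "-o", "ExitOnForwardFailure=yes",   # exit if the local port cannot bind
    "-o", "ServerAliveInterval=30",     # notice a dead tunnel
    "-L", "127.0.0.1:#{local_port}:#{remote_host}:#{remote_port}",
    "#{user}@#{host}"
  ]
end

# Start the tunnel as a child process and return its pid. The caller is
# responsible for Process.wait / Process.kill on shutdown.
def start_tunnel(**opts)
  Process.spawn(*tunnel_argv(**opts), in: :close, out: $stdout, err: $stderr)
end

# Usage (constructed values):
#   pid = start_tunnel(user: "tunnel", host: "bastion.example.com",
#                      local_port: 9200, remote_host: "search.internal",
#                      remote_port: 9200, key_path: "/home/vcap/app/id_tunnel",
#                      known_hosts: "/home/vcap/app/known_hosts")
```

Binding the forward to 127.0.0.1 keeps the tunnelled port reachable only from inside the container.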

Bin Wu

Feb 13, 2014, 2:55:08 AM
to vcap...@cloudfoundry.org
Are you just after console access to a warden container?

This is what I am after. So what is the answer please? 
Regards,
Bin


James Bayer

Feb 13, 2014, 10:02:36 AM
to vcap...@cloudfoundry.org
this isn't an ssh console, but a text based console rendered in a web page. it normally operates as a simple reverse proxy to your app running in the container. however, a special context path will turn it into a text based web console in a web page. dan wrote about this on the list before. he told me he wants to add some simple authentication and it's a work-in-progress. so it's not a solution where you must have ssh for binary file transfers, etc. but if you just want to run some basic OS commands then this can work.

https://gist.github.com/danhigham/8970438


--
Thank you,

James Bayer