71 lines (51 sloc) 4.63 KB
title: Accessing Services with SSH
owner: Core Services
<strong><%= modified_date %></strong>
This page assumes you are using Cloud Foundry Command Line Interface (cf CLI) v6.15.0 or later.
This topic describes how to gain direct command line access to your deployed service instance. For example, you may need access to your database to execute raw SQL commands to edit the schema, import and export data, or debug application data issues.
To establish direct command line access to a service, you deploy a host app and use its SSH and port forwarding features to communicate with the service instance through the app container. The technique outlined below works with TCP services such as MySQL or Redis.
<p class='note'><strong>Note</strong>: The procedure in this topic requires use of a service key, and not all services support service keys. Some services support credentials through <a href="../services/application-binding.html">application binding</a> only.</p>
##<a id="create-instance"></a>Create a Service Instance##
1. In your terminal window, log in to your deployment with `cf login`.
1. <%= vars.ssh_marketplace_step %>
<pre class="terminal">$ cf marketplace
<%=vars.ssh_marketplace_output %>
1. Create your service instance. As part of the [create-service]( command, indicate the service name, the service plan, and the name you choose for your service instance.
<pre class="terminal">$ cf create-service <%=vars.ssh_service %> <%=vars.ssh_service_plan %> MY-DB </pre>
##<a id="push-app"></a>Push Your Host App##
To push an app that will act as the host for the SSH tunnel, push any app that will successfully deploy to <%= vars.product_full %>.
<p class="note"><strong>Note</strong>: Your app must be prepared before you push it. See the <a href="deploy-app.html">Deploy an Application</a> topic for details on preparing apps for deployment.
1. Push your app.
<pre class="terminal">$ cf push YOUR-HOST-APP</pre>
1. Enable SSH for your app.
<pre class="terminal">$ cf enable-ssh YOUR-HOST-APP</pre>
<p class="note"><strong>Note</strong>: To enable SSH access to your app, SSH access must also be enabled for both the space that contains the app and <%= vars.product_full %>. See the [Application SSH Overview](./app-ssh-overview.html) topic for more details.</p>
##<a id="bind-app"></a>Create Your Service Key##
To establish SSH access to your service instance, you must create a service key that contains critical information for configuring your SSH tunnel.
1. Create a service key for your service instance using the [cf create-service-key]( command.
<pre class="terminal">$ cf create-service-key MY-DB EXTERNAL-ACCESS-KEY</pre>
1. Retrieve your new service key using the [cf service-key]( command.
<pre class="terminal">$ cf service-key MY-DB EXTERNAL-ACCESS-KEY
Getting key EXTERNAL-ACCESS-KEY for service instance MY-DB as user<span>@</span>
<%= vars.ssh_service_access_key %>
##<a id="ssh-tunnel"></a>Configure Your SSH Tunnel
Configure an SSH tunnel to your service instance using [cf ssh]( Tailor the example command below with information from your service key.
<pre class="terminal">$ cf ssh -L 63306:<%= vars.ssh_service_host %>:3306 YOUR-HOST-APP</pre>
* Use any available local port for port forwarding. For example, `63306`.
* Replace `<%= vars.ssh_service_host %>` with the address provided under `hostname` in the service key retrieved above.
* Replace `3306` with the port provided under `port` above.
* Replace `YOUR-HOST-APP` with the name of your host app.
After you enter the command, open another terminal window and perform the steps below in [Access Your Service Instance](#access-service).
##<a id="access-service"></a>Access Your Service Instance##
To establish direct command-line access to your service instance, use the relevant command line tool for that service. This example uses the MySQL command line client to access the <%= vars.ssh_service %> service instance.
<pre class="terminal">$ mysql -u b5136e448be920 -h 0 -p -D ad_b2fca6t49704585d -P 63306</pre>
* Replace `b5136e448be920` with the username provided under `username` in your service key.
* `-h 0` instructs `mysql` to connect to your local machine.
* `-p` instructs `mysql` to prompt for a password. When prompted, use the password provided under `password` in your service key.
* Replace `ad_b2fca6t49704585d` with the database name provided under `name` in your service key.
* `-P 63306` instructs `mysql` to connect on port `63306`.