Automates ssh connectivity to MindSphere applications running in CloudFoundry.
When running MindSphere applications, ssh access requires several steps. To aid in this task, the script provides the following functionality:
- Automates the generation of the required one-time password
- Tunnels appropriately ssh connections when proxy settings are detected
Tested in Debian Linux 9.5 and macOS 10.13+
-
Assumes that access to the appropriate CloudFoundry deployment has been correctly setup in the environment, particularly 'cf target' and 'cf apps' work properly
-
The following shell commands are available in the environment:
- openssh client
- (if using HTTP_PROXY) proxytunnel
- jq
- sshpass
If you are on macOS, please check: https://gist.github.com/arunoda/7790979#installing-on-os-x - (only on macOS) gnu-sed
cf-ssh.sh -v -a my-app
The following command tunnels local port 8080
to remote port 80
:
cf-ssh.sh -v -a my-app -- -L8080:localhost:80
Multiple ports are also possible, the options after --
are just standard
OpenSSH options:
cf-ssh.sh -v -a my-app -- -L8080:localhost:80 -L8081:localhost:8081
MindSphere does not allow direct ssh access to services, so an intermediate reachable application that is bound to the service is needed.
Steps:
-
Obtain the db connection details by checking the environment variable
VCAP_SERVICES
of the application bound to the service (usecf env <app>
) -
Extract from this data: db url, db port, user, password
-
Create an ssh tunnel, forwarding a local port to the remote one:
cf-ssh.sh -v -a my-app -- -L8888:<db-url>:<db-port>
-
Now in a different terminal, using your preferred db browser, connect to the db using the local tunnel at
localhost:8888
, providing the user and password you extracted earlier