Skip to content

ssh_proxy job from diego/1.12.0

Github source: 9ff3c3ca or master branch

Properties

diego

ssh_proxy

allowed_ciphers

Comma separated list of allowed cipher algorithms

allowed_keyexchanges

Comma separated list of allowed key exchange algorithms

allowed_macs

Comma separated list of allowed MAC algorithms

bbs
api_location

Address to the BBS Server

Default
bbs.service.cf.internal:8889
ca_cert

PEM-encoded CA certificate

client_cert

PEM-encoded client certificate

client_key

PEM-encoded client key

client_session_cache_size

capacity of the tls client cache

max_idle_conns_per_host

maximum number of idle http connections

require_ssl

enable ssl for all communication with the bbs

Default
true
cc
external_port

External port of the Cloud Controller API

Default
9022
internal_service_hostname

Internal service hostname of Cloud Controller Api

Default
cloud-controller-ng.service.cf.internal
debug_addr

address at which to serve debug info

Default
127.0.0.1:17016
diego_credentials

Diego Credentials to be used with the Diego authenitcation method

dropsonde_port

local metron agent’s port

Default
3457
enable_cf_auth

Allow ssh access for cf applications

Default
false
enable_diego_auth

Allow ssh access for diego applications

Default
false
healthcheck_listen_addr

address for the ssh proxy healthcheck server

Default
0.0.0.0:2223
host_key

PEM encoded RSA private key used to identify host

listen_addr

address for the proxy to listen on

Default
0.0.0.0:2222
log_level

Log level

Default
info
uaa
ca_cert

The CA certificate of the UAA

port

The port to contact UAA on

url

The domain name of the UAA

Default
https://uaa.service.cf.internal
uaa_secret

The oauth client secret used to authenticate the ssh-proxy with the uaa

uaa_token_url

URL of the UAA token endpoint

ssl

skip_cert_verify

when connecting over https, ignore bad ssl certificates

Default
false

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/ssh_proxy/ directory (learn more).

  • bin/ssh_proxy_as_vcap (from ssh_proxy_as_vcap.erb)
  • bin/ssh_proxy_ctl (from ssh_proxy_ctl.erb)
  • config/certs/bbs/ca.crt (from bbs_ca.crt.erb)
  • config/certs/bbs/client.crt (from bbs_client.crt.erb)
  • config/certs/bbs/client.key (from bbs_client.key.erb)
  • config/certs/uaa/ca.crt (from uaa_ca.crt.erb)
  • config/ssh_proxy.json (from ssh_proxy.json.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.