Skip to Content
Author's profile photo Benny Schaich-Lebek

SSH into CloudFoundry – Trouble?

As you might know it is possible to SSH into a CloudFoundry container (meaning to have a terminal connection into it in case Linux is not your first home…). BUT there are obstacles. I am not aware if this is just an awkward handling of things or even a bug. However, I know that at least three people spend hours to find out what’s the problem (and I’m sure there are loads more of them).

SSH into CF, in theory

Once you have installed the command line interface for Cloudfoundry (CF CLI) it is easy for you to access a lot of useful stuff which is described in the CloudFoundry manuals

One of them is the ssh command. But before it works you need to enable it with

cf enable-ssh myapp

You need to understand that the application and also your space has to be ssh enabled. the latter usually is, the app is not. In fact it looks like it automatically switches off the enabling after a while (and that might be the change that caused a lot of head scratching).

All the details about ssh command can be found in Application SSH Overview.

SSH into CF, reality

Now, even if you have done all of this you might experience this:

C:\Users\d034365>cf ssh myapp
Error opening SSH connection: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain

You are exactly at the point where I got some more gray hair and had to find out the hard way that enabling ssh is not enough. Because what you need to do after enabling is to restart your app!

C:\Users\d034365>cf restart myapp
Restarting app myapp in org A-Team_shared / space 06_Wukla as

Stopping app...

Waiting for app to start...

name: myapp
requested state: started
instances: 1/1
usage: 1G x 1 instances
last uploaded: Wed 12 Sep 08:39:43 CEST 2018
stack: cflinuxfs2
docker image: xxxxx/dev:sap_0.1.8
start command: /home/xxxxxxx/app/ /bin/bash

state since cpu memory disk details
#0 running 2018-09-12T08:27:06Z 38.3% 138.3M of 1G 1.8G of 4G

C:\Users\d034365>cf ssh-enabled myapp
ssh support is enabled for 'myapp'


Only now you can do the ssh command:

C:\Users\d034365>cf ssh myapp

And suddenly you are in the arms of Linux.

There is more possible. For example port forwarding so you can use your favorite tools, but others have described this already, so I just link there at the end of this blog entry.

I did not yet find out why this has been changed to a more complicated way (at least I assume it was a change as others did not mention it in their blogs) but have an imagination that there is some security issue behind that -as usual.

Hope this helps!


Others describing more details:

SSH your SAP Cloud Platform CF app

Very in detail:

How to use an SSH tunnel with SCP Cloud Foundry backing-service



This can be also found in SAP notes:

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Vadim Klimov
      Vadim Klimov

      Hello Benny,

      Thank you for highlighting this very crucial step when enabling SSH for the application! I share your concern regarding confusion that can be experienced when the one executes enable-ssh command, receives OK response, and then fails to access the application via ssh command (assuming that SSH is already enabled on space level). Or, when SSH status of the application for which SSH was just enabled, is shown as enabled in the output of the command ssh-enabled, but SSH connection to the application fails because it wasn't restarted yet.

      This has been raised as a usability issue for command line client for Cloud Foundry (refer to, and it was taken into consideration, but I haven't yet noticed enable-ssh to provide any enhanced warning or information message saying that application restart is required after SSH is enabled (tested it with command line client for Cloud Foundry version 6.39.0+607d4f8be.2018-09-11 against SAP Cloud Foundry API version 2.115.0). This lets me think that probably, in future versions of either CF CLI or CF API, this will be enhanced, but I haven't seen confirmation on this.

      Given restart of the application is required currently for circumstances you described in details, it might be worth adding a reference to SAP Note 2585659 (SSH access to applications fails with "Error opening SSH connection") that also mentions similar symptoms and actions to be taken to overcome them.



      Author's profile photo Benny Schaich-Lebek
      Benny Schaich-Lebek
      Blog Post Author

      Thanks Vladim for that hint. Added the link to note.


      With kind regards,


      Author's profile photo Vivek Nidhi
      Vivek Nidhi

      Just to SSH to an instance this much stuff ?. Unless you never heard of AWS / Azure / GCP 

      Author's profile photo Benny Schaich-Lebek
      Benny Schaich-Lebek
      Blog Post Author

      As always with new technology! That's why we call it "cutting edge".....

      Author's profile photo Konrad Grzyb
      Konrad Grzyb

      "ssh support is disabled" for any app in my space on trial account 🙁

      In cloud foundry documentation:

      Note: To enable SSH access to your app, SSH access must also be enabled for both the space that contains the app and Cloud Foundry. See the App SSH Overview topic for more details.

      Command "cf space-ssh-allowed dev" give  me "ssh support is enabled in space 'dev' " .

      As mentioned on Pivotal support:

      Please check that the following conditions are met:

      • 1 The user has been given the Space Developer for the space that contains the application that is being accessed.
        My space roles are:

        Space Developer, Space Manager, Space Auditor
      • SSH access has been enabled for the application. This can be confirmed with the command cf ssh-enabled <app-name>.

      "ssh support is disabled"

      • 3 The space that is being accessed has SSH enabled. This can be confirmed with the command cf space-ssh-allowed <space-name>.

      ssh support is enabled in space 'dev'

      Don't have really more options beside to "Configuring SSH Access for Cloud Foundry" ??