Skip to content

docs: Document SSH server configuration capability for Wasmer Edge apps #147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: Document SSH server configuration capability for Wasmer Edge apps #147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions pages/edge.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ Wasmer Edge has many features, and we have many more in development:
SSL certificates will automatically be provisioned and renewed for you.
- **Remote Sessions**: <br/>
Interactive remote shell environments, via [`wasmer ssh`](/edge/learn/remote-sessions).
- **SSH Server Configuration**: <br/>
Configure SSH servers directly within your applications with custom user authentication, passwords, and SSH key support.

### 🛠️ Features in Development

Expand Down
60 changes: 60 additions & 0 deletions pages/edge/configuration.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,66 @@ capabilities:
value: my-value
```

#### `ssh`

Configure an SSH server for your application.

This allows you to enable SSH access directly to your app instances with custom user authentication.

<Callout type="info" emoji="ℹ️">
This is different from `wasmer ssh` which provides remote sessions to the Edge platform. The `ssh` capability configures an SSH server within your specific application.
</Callout>

```yaml filename="app.yaml" copy
capabilities:
ssh:
enabled: true
users:
- username: admin
passwords:
- type: plain
password: "my-secure-password"
authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ... [email protected]"
- username: developer
authorized_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... [email protected]"
```

##### SSH Configuration Fields

- **`enabled`** (optional): Enable or disable the SSH server. Defaults to `false` if not specified.
- **`users`** (optional): Array of SSH users with their authentication methods.

##### User Configuration

Each user in the `users` array can have:

- **`username`** (required): The username for SSH login.
- **`passwords`** (optional): Array of password authentication methods:
- `type: plain` with `password`: Plain text password (not recommended for production)
- `type: bcrypt` with `hash`: Bcrypt-hashed password for secure storage
- **`authorized_keys`** (optional): Array of SSH public keys for key-based authentication.

##### Security Recommendations

- Use SSH key authentication (`authorized_keys`) instead of passwords when possible
- If using passwords, prefer `bcrypt` hashed passwords over plain text
- Limit SSH access to specific users who need it
- Consider using strong, unique passwords or passphrases

Example with bcrypt password:
```yaml filename="app.yaml" copy
capabilities:
ssh:
enabled: true
users:
- username: admin
passwords:
- type: bcrypt
hash: "$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewdBPj/kMaZHm.S6"
```

### `health_checks`

The `health_checks` field is used to check if an application is working correctly. If the healthchecks fail, edge will restart the application. It is **optional** and its an array of healtcheck objects
Expand Down