Enabling SSH Access into a Container

Quant Cloud provides secure SSH (Secure Shell) access to running containers for debugging, troubleshooting, and direct interaction with your application environment. When SSH access is enabled, the platform automatically configures the necessary SSH service within your container, eliminating the need for pre-configured SSH servers in your Docker images.

Tip

Quant Cloud automatically installs and configures the SSH service when you enable SSH access. Your container images don’t need to include SSH servers or special configuration - the platform handles everything for you.

Enabling SSH Access

SSH access is configured on a single container within your environment through environment variables. The platform uses these variables to automatically set up secure access to that specific container without requiring any changes to your container images.

Note

SSH access can only be enabled on one container per environment. This ensures the platform knows exactly which container to route SSH connections to. Choose the container where you need debugging access - typically your main application container.

Step 1: Access Container Configuration

Navigate to your environment’s “Edit Config” page and expand the specific container you want to enable SSH access for. Click “Show Advanced Options” to reveal the environment variables section.

Step 2: Configure SSH Environment Variables

Add two essential environment variables to enable SSH access on this container:

SSH Enablement Variable

• Name: ENABLE_SSH_ACCESS
• Value: true

This tells the platform to automatically install and configure the SSH service in this specific container and route SSH traffic to it.

SSH Key Authorization Variable

• Name: AUTHORIZED_KEYS_CONTENT_BASE64
• Value: Your public SSH key(s), base64 encoded

To prepare your SSH key value:

1. Get your public key from ~/.ssh/id_rsa.pub (or your preferred key file)

   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ... user@hostname

2. Base64 encode the key:

   echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ... user@hostname" | base64

3. For multiple keys, concatenate them with newlines before encoding:

   echo -e "ssh-rsa KEY1...\nssh-rsa KEY2..." | base64

4. Paste the resulting base64 string as the environment variable value

Tip

Use strong, unique SSH keys and consider using different keys for different environments. The base64 encoding ensures your keys are properly formatted for the platform configuration.

Step 3: Save and Deploy

Save your container configuration changes. This will trigger an environment redeployment where the platform automatically:

• Installs the SSH service in your container
• Configures authentication using your provided keys
• Sets up secure network access to the SSH port

Connecting to Your Container

Once your environment redeploys with SSH access enabled, you can connect to your container using standard SSH tools.

Finding Connection Details

After the deployment completes, SSH connection information becomes available on your environment’s Details tab in the “Network Information” section. Look for:

• SSH Access Status: Shows “Enabled” with the target container name
• Connection Command: The exact SSH command to use
• Host and Credentials: Connection details for your SSH client

Making the Connection

SSH connections use port 22 and follow this pattern:

ssh container-user@hostname

The connection details (hostname and username) are displayed on the environment Details tab after SSH is successfully enabled. Authentication uses the private key corresponding to the public key you configured.

Connection Examples

Standard SSH Connection:

ssh app@ssh-host.quant.cloud

Using Specific Key File:

ssh -i ~/.ssh/my-quant-key app@ssh-host.quant.cloud

Caution

The username in the SSH connection corresponds to the user configured in your Docker image. This should be a non-root user for security reasons - if your image runs as root, consider creating a dedicated application user in your Dockerfile.

Security Best Practices

Temporary Access: Enable SSH access only when needed for debugging or maintenance, then disable it afterward to minimize security exposure.

Non-Root User: Ensure your container runs as a non-root user. If your Docker image defaults to root, create a dedicated application user in your Dockerfile:

RUN adduser --disabled-password --gecos '' appuser
USER appuser

Single Container Limitation: SSH access is intentionally limited to one container per environment to maintain security boundaries and clear access control.

Key Management: Use strong, unique SSH keys for each environment. Consider using different keys for production versus development environments.

Access Logging: Monitor SSH access logs through your environment’s logging interface to track who accessed containers and when.

Network Security: SSH access is configured with appropriate network security controls. The platform handles port exposure and firewall configuration automatically.

Principle of Least Privilege: Only grant SSH access to team members who require direct container access for their responsibilities.

Tip

SSH access is particularly useful for debugging application issues, examining log files, testing configuration changes, and troubleshooting container behavior in real-time. Remember to disable SSH access once your debugging session is complete.