SSH Gateway

If enabled (via global.ssh_gateway.enabled), this service runs an SSH server as a gateway to access projects. Users can add their public SSH key to a project or their account. With that, they’re allowed users to ssh inside a running project.

Use cases are:

  • simplifying running tasks, like periodic checks, etc.

  • up- or downloading files via scp or rsync

  • accessing scripts/software hosted on CoCalc from within another headless system, e.g. a cluster

Network setup: the connection to the outside world works by exposing the service’s endpoint. This is a “global” setup of your cluster, hence it is outside the scope of CoCalc’s HELM chart.

For the NGINX ingress controller, the TCP service of ssh-gateway must be added to the tcp-services configmap. If you’re using its HELM chart, see /ingress-nginx/values.yaml for a working example, under tcp: {...}.


If you already had setup a LoadBalancer and update, it might not pick up the new configuration to include port 22. The easiest way to fix this is to delete the LoadBalancer and let it be recreated.