diff --git a/sandboxes/_data.ts b/sandboxes/_data.ts index d5a034ce3..e903b1ab2 100644 --- a/sandboxes/_data.ts +++ b/sandboxes/_data.ts @@ -27,8 +27,8 @@ export const sidebar = [ href: "/sandboxes/expose_http/", }, { - title: "Expose SSH", - href: "/sandboxes/expose_ssh/", + title: "SSH", + href: "/sandboxes/ssh/", }, { title: "Manage Deploy apps", diff --git a/sandboxes/expose_ssh.md b/sandboxes/ssh.md similarity index 80% rename from sandboxes/expose_ssh.md rename to sandboxes/ssh.md index 48117807e..e493ec363 100644 --- a/sandboxes/expose_ssh.md +++ b/sandboxes/ssh.md @@ -1,11 +1,11 @@ --- -title: "Expose SSH" +title: "SSH" description: "How to open secure SSH access into a sandbox for interactive debugging, editor sessions, or long-running processes." --- Sandboxes can hand out SSH credentials so you can inspect the filesystem, tail -logs, run editors, or forward ports while the microVM stays isolated on the -Deploy edge. +logs, run editors, or forward ports. SSH access is available both in your +terminal as a command and in the Deno Deploy Sandbox UI. ```tsx import { Sandbox } from "@deno/sandbox"; @@ -24,18 +24,10 @@ script releases its references (for example, the `await using` block ends) the sandbox shuts down and the SSH endpoint disappears; you can also call `sandbox.kill()` if you need to tear it down immediately. -## When to use SSH access - -- Debugging agent-generated code that only fails in the sandbox -- Editing files with a full-screen terminal editor or remote VS Code -- Streaming logs in real time without instrumenting application code -- Running profiling or inspection tools that are easier to use manually - -Because each sandbox is already isolated, opening SSH does not compromise other -projects or organizations. - ## Connecting from your machine +### exposeSsh method + 1. Request credentials via `sandbox.exposeSsh()`. 2. Connect using the provided username and hostname: @@ -46,13 +38,34 @@ ssh ${username}@${hostname} 3. Use regular terminal workflows: copy files, run top, tail logs, or attach to running processes. -:::tip +## In the terminal + +You can SSH into your sandbox from the terminal using the `--ssh` flag when +running your script: + +```bash +deno sandbox create -ssh +``` + +## In the Deno Deploy console + +After creating a sandbox, you can SSH into it in the Deno Deploy web app. -Tip: combine SSH with -[port forwarding](https://man.openbsd.org/ssh#LOCAL_FORWARDING) to view dev -servers that are bound to `localhost` inside the sandbox. +1. Log in to [console.deno.com](https://console.deno.com/) and navigate to the + "Sandboxes" section. +2. Either create a new sandbox or select an existing one from the list. +3. Click **Start SSH terminal** to open an interactive terminal session in your + browser. -::: +## When to use SSH access + +- Debugging agent-generated code that only fails in the sandbox +- Editing files with a full-screen terminal editor or remote VS Code +- Streaming logs in real time without instrumenting application code +- Running profiling or inspection tools that are easier to use manually + +Because each sandbox is already isolated, opening SSH does not compromise other +projects or organizations. ## Security considerations diff --git a/sandboxes/timeouts.md b/sandboxes/timeouts.md index 282760805..c09d31fd0 100644 --- a/sandboxes/timeouts.md +++ b/sandboxes/timeouts.md @@ -56,5 +56,5 @@ Coming soon. provisioning. - `Sandbox.connect({ id })` – resume control of a duration-based sandbox. - `Sandbox.kill()` – terminate early. -- [`Expose HTTP`](./expose_http.md) and [`Expose SSH`](./expose_ssh.md) – note - that their URLs/credentials die with the sandbox lifetime. +- [`Expose HTTP`](./expose_http.md) and [`SSH`](./ssh.md) – note that their + URLs/credentials die with the sandbox lifetime.