SSH access is only available when you deploy with a dev OS image. Select “dstack-dev” as the OS type when creating your CVM. Production OS images have SSH disabled for security.
Prerequisites
- SSH client on your local machine
- OpenSSL installed
- CVM deployed with Development OS
Step 1: Set Root Credentials
When deploying your CVM, set one of these environment variables: For password authentication:- Add
DSTACK_ROOT_PASSWORDas a secure environment variable
- Add
DSTACK_ROOT_PUBLIC_KEYwith your SSH public key
Step 2: Configure Your SSH Client
Add this to your~/.ssh/config file:
<app-id>with your application ID (find it in the dashboard)<cluster>with your cluster (e.g.,us)
Step 3: Connect
macOS users: If you encounter connection timeouts, you may have LibreSSL instead of OpenSSL. Install OpenSSL via Homebrew (
brew install openssl) and update your ProxyCommand to use the full path to the Homebrew OpenSSL binary.What You Can Do
Once connected, you have full access to debug and manage your CVM:Security Notes
- SSH traffic is tunneled through TLS via the gateway
- Only your code inside the TEE can see the decrypted SSH session
- Use key-based authentication for production debugging
- Remember to switch to Production OS when you’re done debugging
Troubleshooting
Permission denied?- Verify your credentials are set in environment variables
- Use “Code Update” to add them if forgotten during deployment
- Check your OpenSSL version:
openssl version - macOS users: ensure you’re using OpenSSL, not LibreSSL
- Confirm you deployed with Development OS, not Production OS