We are happy to announce, in the March 2019 Cloud Authentication Service, that you can now use the Identity Router Setup Console to enable SSH and debug logging for in-depth troubleshooting of the identity router when it is unable to connect to the Cloud Authentication Service. Enabling SSH in the Identity Router Setup Console provides the same functionality as enabling SSH in the Cloud Administration Console with one exception. In the Cloud Administration Console, you can limit connectivity to the identity router by specifying source networks in the SSH firewall rule. In the Identity Router Setup Console, any network component can access the identity router when you enable SSH. Because of this, enable emergency SSH only for a specified period of time and then disable it.
The published SSH firewall setting in the Cloud Administration Console overrides the SSH setting in the Identity Router Setup Console. For example, suppose an administrator enables emergency SSH in the Identity Router Setup Console. Then another administrator removes the SSH firewall setting on the identity router in the Cloud Administration Console and publishes the changes. The Identity Router Setup Console disables emergency SSH. Additionally If you change and save the Log Level setting in the Cloud Administration Console, the change overwrites this setting in the Identity Router Setup Console. For more details on this feature - check out the product documentation here - Troubleshooting Identity Router Issues