Change the default sshd port

I’m trying all possible ways to change the default sshd port. I have tried to create the sshd_config file in the cloud-config.yml file, but without success.

write_files:
- path: /etc/ssh/sshd_config
  permissions: 0600
  owner: root:root
  content: |
     Port 2222
     AuthorizedKeysFile	.ssh/authorized_keys
     UsePrivilegeSeparation sandbox		# Default for new installations.
     ClientAliveInterval 180
     Subsystem	sftp	/usr/libexec/sftp-server
     UseDNS no
     PermitRootLogin no
     AllowGroups docker

I did not find information on how to do this via ros config. Can anyone help me?

@lgcosta I’m afraid this is not currently possible, because sshd_config is now rewritten by the console container start script after the cloud-init execute phase is run.

Maybe we’ll change it in v0.4.1: https://github.com/rancher/os-images/pull/36

Thanks for the reply, @imikushin. As a palliative measure, I’m doing as follows:

sudo mkdir -p /opt/rancher/bin
sudo bash -c 'cat <<EOF > /opt/rancher/bin/start.sh
#!/bin/bash
sudo sed -i "s/#Port 22/Port 2222/" /etc/ssh/sshd_config
sudo kill -HUP \$(ps ax | grep "sshd -D" | grep -v grep | awk "{ print \\\$1 }")
EOF'
sudo chmod +x /opt/rancher/bin/start.sh

This is working :wink:

Best place in the cloud-config.yml :smile:

write_files:
    - path: /opt/rancher/bin/start.sh
      permissions: "0755"
      owner: root
      content: |
        #!/bin/bash
        # Switch sshd to port 2222, then signal the running daemon to reload its config.
        sudo sed -i "s/#Port 22/Port 2222/" /etc/ssh/sshd_config
        sudo kill -HUP $(ps ax | grep "sshd -D" | grep -v grep | awk '{ print $1 }')

That’s creative :smile:

Hello,

what is the current status of this in 0.4.1? Will the original OP’s solution work now?

Karel

The issue mentioned above was merged before we cut v0.4.1, so it should be available. @imikushin Please let me know if I’m mistaken.

Yes, I can confirm it works now!

Just one thing:
permissions: 0600 will not be accepted! It has to be changed to permissions: "0600"

It is a mystery to me why so many cloud-init examples have missing quotes there. write_files won’t work at all if those quotes are missing (spent 2 hours debugging this!)

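The quoting problem from the last reply can be caught before boot. The following is an added example, not code from the thread or from RancherOS: a line-based check (not a YAML parser) that flags `permissions:` values written as bare numbers, which YAML reads as a number rather than a string. The function names `unquoted_permissions`, `sample_config` and `lint_sample` are hypothetical, and the sample config is constructed from the snippets posted above.

```shell
#!/bin/sh
# Added example (not from the thread). Flags write_files "permissions:" values
# in a cloud-config that are bare numbers instead of quoted strings.

# unquoted_permissions FILE
# Prints "LINE: text" for every offending line; exit status 1 if any are found.
unquoted_permissions() {
    awk -v sq="'" '
        /^[ \t-]*permissions:/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)       # drop the "permissions:" key
            sub(/[ \t]*(#.*)?$/, "", val)       # drop trailing space or comment
            quoted = (val ~ /^"[0-7]+"$/) || (val ~ ("^" sq "[0-7]+" sq "$"))
            if (!quoted) { printf "%d: %s\n", NR, $0; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two write_files entries discussed in this thread.
sample_config() {
    cat <<'EOF'
#cloud-config
write_files:
  - path: /etc/ssh/sshd_config
    permissions: 0600
    owner: root:root
    content: |
      Port 2222
  - path: /opt/rancher/bin/start.sh
    permissions: "0755"
    owner: root
    content: |
      #!/bin/bash
EOF
}

# lint_sample: run the check over the constructed sample (reports line 4).
lint_sample() {
    tmp=$(mktemp) || return 2
    sample_config > "$tmp"
    rc=0
    unquoted_permissions "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run `unquoted_permissions cloud-config.yml` against a real file; a non-zero exit status means at least one entry needs quotes.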