Change the default sshd port

lgcosta · November 3, 2015, 11:23pm

I’m trying all possible ways, change the default port sshd, have tried to create the sshd_config file, in cloud-config.yml file, but without success.

write_files:
- path: /etc/ssh/sshd_config
  permissions: 0600
  owner: root:root
  content: |
     Port 2222
     AuthorizedKeysFile	.ssh/authorized_keys
     UsePrivilegeSeparation sandbox		# Default for new installations.
     ClientAliveInterval 180
     Subsystem	sftp	/usr/libexec/sftp-server
     UseDNS no
     PermitRootLogin no
     AllowGroups docker

I did not find information on how to do this via ros config. Can anyone help me ?

imikushin · November 9, 2015, 9:14am

@lgcosta I’m afraid, this is not currently possible, because sshd_config is now rewritten by the console container start script after cloud-init execute phase is run.

Maybe we’ll change it in v0.4.1: https://github.com/rancher/os-images/pull/36

lgcosta · November 10, 2015, 7:59pm

Thanks for reply @imikushin. As a palliative way, I’m doing as follows:

sudo mkdir -p /opt/rancher/bin
sudo bash -c 'cat <<EOF > /opt/rancher/bin/start.sh
#!/bin/bash
sudo sed -i "s/#Port 22/Port 2222/" /etc/ssh/sshd_config
sudo kill -HUP \$(ps ax |grep "sshd -D" | grep -v grep | awk "{ print $1 }")
EOF'
sudo chmod +x /opt/rancher/bin/start.sh

This is working

lgcosta · November 10, 2015, 9:52pm

best place in the cloud-config.yml

write_files:
    - path: /opt/rancher/bin/start.sh
    permissions: "0755"
    owner: root
    content: |
      #!/bin/bash
      sudo sed -i "s/#Port 22/Port 2222/" /etc/ssh/sshd_config
      sudo kill -HUP \$(ps ax |grep "sshd -D" | grep -v grep | awk "{ print $1 }")

imikushin · November 11, 2015, 4:42am

That’s creative

carloss · November 23, 2015, 11:20am

Hello,

what is the current status of this in 0.4.1? Will the original OP’s solution work now?

Karel

denise · November 23, 2015, 6:55pm

The issue mentioned above was merged before we cut v0.4.1, so it should be available. @imikushin Please let me know if I’m mistaken.

carloss · November 23, 2015, 9:52pm

Yes, I can confirm it works now!

Just one thing:
permissions: 0600 will not be accepted! it has to be changed to permissions: “0600”

It is a mystery to me why so many cloud-init examples have missing quotes there. write_files won’t work at all if those quotes are missing (spent 2 hours by debugging this!)

Topic		Replies	Views
Change the default SSH port Rancher 1.x	4	1601	September 1, 2017
Change sshd listen ip / port? RancherOS	5	2316	May 23, 2017
Restart SSH service in cloud-config RancherOS	1	1704	June 19, 2022
How to set KexAlgorithms in /etc/ssh/sshd_config RancherOS	3	2282	February 17, 2017
RancherOS initialization issue RancherOS	4	2435	June 27, 2017

Change the default sshd port

Related topics