Enable users to set an alternate ssh port #44
Merged
chucklever merged 6 commits into main from Oct 3, 2025
Users can now configure the Ansible SSH port via a new Kconfig menu option. The default remains port 22 (standard SSH) to avoid breaking existing setups. This configuration setting applies globally to all hosts in the Ansible inventory. The new port setting is not used yet. The review concern is whether the proposed new Kconfig option is the best user interface for this setting.
Generated-by: Claude AI
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

semanage is needed to adjust SELinux settings on sshd before the first boot, and does not appear to be in the downloaded raw OS images.
Generated-by: Claude AI
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

Refactor: The virt-sysprep command line arguments are the same for both invocations. I'm about to add more complexity. There's no sense in duplicating that.
Generated-by: Claude AI
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

When provisioning guestfs instances, make use of the Ansible ssh port setting, in case it is set to something other than port 22.
Generated-by: Claude AI
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

I'm about to add the use of a cloud-init script to the other cloud providers. Place the cloud-init script used currently by AWS in a more generic location.
Generated-by: Claude AI
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

When provisioning terraform instances, make use of the Ansible ssh port setting, in case it is set to something other than port 22.
Generated-by: Claude AI
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
b59fcb9 to c1f1486
Particularly in the cloud, provisioning publicly visible instances with port 22 for ssh is bad security practice. Almost as soon as kdevops brings up such an instance, it comes under attack on port 22.
So, my thought is to enable the use of an alternate port for Ansible control. This series provides that flexibility; the default is still to use port 22.
I've tested this with RHEL 9 on AWS, Azure, GCE, and OCI, and with Debian 12 on AWS; and I tested with Fedora and guestfs.
One of the side benefits of this series is that now all of the cloud providers except Lambda make use of a cloud-init script. We can introduce additional capabilities there, going forward.
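
As an added illustration (not code from this pull request or from kdevops), the following shell sketch shows the kind of first-boot step a cloud-init script can perform to move sshd to an alternate port, including the SELinux port label that the semanage commit refers to. The function names, the sample configuration, and port 2222 are assumptions.

```shell
#!/bin/sh
# Added example, not kdevops code; names, sample config and port 2222 are assumptions.

# valid_port PORT: accept only a decimal integer in 1..65535.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# set_sshd_port CONFIG PORT: leave exactly one active "Port PORT" line.
# Active and commented-out Port lines collapse into one; if none exists the
# directive goes first, so it cannot land inside a Match block.
set_sshd_port() {
    cfg=$1 port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        function is_port(s) { return s ~ /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ }
        NR == FNR { if (is_port($0)) found = 1; next }   # pass 1: detect
        FNR == 1 && !found { print "Port " port }        # pass 2: rewrite
        is_port($0) { if (!done++) print "Port " port; next }
        { print }
        END { if (NR == 0) print "Port " port }          # empty config
    ' "$cfg" "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps mode and SELinux label
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# label_ssh_port PORT: with SELinux enabled, sshd may bind only ports typed
# ssh_port_t, so add that label (or modify it if the port is already defined).
label_ssh_port() {
    command -v selinuxenabled >/dev/null 2>&1 || return 0
    selinuxenabled || return 0
    semanage port -a -t ssh_port_t -p tcp "$1" 2>/dev/null ||
        semanage port -m -t ssh_port_t -p tcp "$1"
}

# Constructed sample input: commented default, a stale active Port, a Match block.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Port 22' \
        'Match User deploy' '    X11Forwarding no' > "$f"
    set_sshd_port "$f" "${1:-2222}" && cat "$f"
    rm -f "$f"
}
demo 2222
```

On a real host, run `set_sshd_port /etc/ssh/sshd_config PORT`, then `label_ssh_port PORT`, and validate with `sshd -t` before restarting the service. The provider's firewall or security group rules must also admit the new port, or Ansible loses access.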