We usually change the SSH port to a non-default one for some security. But when provisioning a server from the official Ubuntu AMI, the new server still listens on port 22, so connecting to it with the same ssh_config fails unless port 22 is specified explicitly.
The following quick-hack task adds a Port line to /etc/ssh/sshd_config and then restarts sshd. This works on Ubuntu 14.04 trusty. Change ensure_cmd for your system. Note that this adds a listening port rather than replacing the existing one. Further modifications to sshd_config are made by the provisioning tool that runs after this task, so this task only does the simple part.
I recommend running this task before the deploy task.
require 'net/ssh' # for Net::SSH::Config (normally already loaded by Capistrano/SSHKit)

task :ensure_ssh_port do
  on roles(:app) do |srv|
    user = srv.ssh_options[:user]
    # Prefer the port from the Capistrano host, fall back to ~/.ssh/config
    port = srv.ssh_options[:port] || Net::SSH::Config.for(srv.to_s)[:port]
    unless port
      puts "ensure_ssh_port(#{srv}, #{port}): skip"
      next
    end
    puts "ensure_ssh_port(#{srv}, #{port}): start"
    user_opt = user ? "#{user}@" : ""
    # Already reachable on the configured port: nothing to change
    if system(*%W(ssh -T -p #{port} #{user_opt}#{srv} true), err: File::NULL, out: File::NULL)
      puts "ensure_ssh_port(#{srv}, #{port}): ok"
      execute "echo '#{srv} port ensured'"
      next
    end
    # Otherwise the server must at least answer on the default port 22
    unless system(*%W(ssh -T -p 22 #{user_opt}#{srv} true), err: File::NULL, out: File::NULL)
      abort "Couldn't connect #{user_opt}#{srv} with both port 22 and #{port}"
    end
    puts "ensure_ssh_port(#{srv}, #{port}): port 22 ok, changing sshd"
    # Append a Port line over port 22 and restart sshd (Ubuntu 14.04 service name)
    ensure_cmd = "ssh -T -p 22 #{user_opt}#{srv} \"sudo sh -c 'echo Port #{port} >> /etc/ssh/sshd_config && service ssh restart'\""
    puts "ensure_ssh_port(#{srv}, #{port}): $ #{ensure_cmd}"
    system(ensure_cmd) or raise 'failed to ensure'
    execute "echo '#{srv} port ensured'"
  end
end
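
The task appends with echo >>, which can land the Port line inside a trailing Match block (where sshd rejects it), glue it onto a last line that has no newline, or replace the implicit port 22 when the file has no Port line at all. As an added example (not part of the original task; ensure_listen_port and the sample configs are constructed for illustration), this function computes the edited file text with those cases handled:

```ruby
# Added example: compute the new sshd_config text instead of blindly appending.
# ensure_listen_port is a hypothetical helper, not a Capistrano or SSHKit API.
def ensure_listen_port(config, port)
  port = Integer(port)
  raise ArgumentError, "port out of range: #{port}" unless (1..65_535).cover?(port)

  lines = config.lines.map(&:chomp)
  # The global section ends at the first Match block; Port is not allowed
  # inside Match, so new lines must be inserted before it.
  match_at = lines.index { |l| l =~ /\A\s*Match\s/i } || lines.length
  global = lines[0...match_at]
  # Active (uncommented) Port directives in the global section.
  ports = global.map { |l| l[/\A\s*Port[\s=]+(\d+)/i, 1] }.compact.map(&:to_i)
  return config if ports.include?(port) # already listening: leave file untouched

  additions = []
  # With no Port line sshd listens on 22 by default; the first explicit Port
  # would replace that default, so pin 22 as well to add rather than replace.
  additions << "Port 22" if ports.empty? && port != 22
  additions << "Port #{port}"
  (global + additions + lines[match_at..-1]).join("\n") + "\n"
end

# Constructed sample inputs (not taken from a real server).
SAMPLE_NO_NEWLINE = "Port 22\nPermitRootLogin no"
SAMPLE_WITH_MATCH = "Port 22\nMatch User deploy\n  X11Forwarding no\n"
SAMPLE_IMPLICIT   = "#Port 22\nPermitRootLogin no\n"

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_NO_NEWLINE, SAMPLE_WITH_MATCH, SAMPLE_IMPLICIT].each do |cfg|
    puts ensure_listen_port(cfg, 2222)
    puts "----"
  end
end
```

Write the result to a temporary file and check it with sshd -t -f before moving it into place and restarting, so a bad edit cannot take down the only listener.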