dynamically change the sshd port in guest

Marcin Dulak

Dec 1, 2017, 5:34:52 AM
to Vagrant
I'm not sure if it's about any existing bug, or a completely new enhancement, or whether what I'm trying to do is against the vagrant design.


I want to change the sshd port on the guest dynamically.
I start with a box set up with sshd on port 22, change the port to, let's say, 222, and restart sshd.
I want vagrant to be able to interact with that guest on the new port.

### Vagrant version

$ VBoxManage -version
5.1.30r118389


$ vagrant --version
Vagrant 2.0.1


$ vagrant plugin list
vagrant-share (1.1.9, system)

### Host operating system

$ cat /etc/*release | grep 'VERSION='
VERSION="16.04.3 LTS (Xenial Xerus)"


### Guest operating system


### Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :


SSH_GUEST_PORT = ENV.fetch('SSH_GUEST_PORT', 22)


# 1. vagrant up
# 2. vagrant ssh -c 'sudo netstat -ntlp | grep ssh'
# 3. vagrant ssh -c 'sudo sed -i "s/#Port 22/Port 222/" /etc/ssh/sshd_config'
# 4. vagrant ssh -c 'sudo sed -i "s/^SELINUX=.*/SELINUX=permissive/" /etc/selinux/config'
# 5. vagrant ssh -c 'getenforce&& sudo service sshd restart&& sudo netstat -ntlp | grep ssh&& sudo sync && sudo grep 222 /etc/ssh/sshd_config'
# 6. SSH_GUEST_PORT=222 GUI=1 vagrant reload


BOX = ENV.fetch('BOX', 'centos/7')


# http://stackoverflow.com/questions/23926945/specify-headless-or-gui-from-command-line
def gui_enabled?
  !ENV.fetch('GUI', '').empty?
end


Vagrant.configure(2) do |config|
  config.vm.define 'centos7' do |machine|
    machine.vm.box = BOX
    machine.vm.box_url = machine.vm.box
    machine.vm.provider 'virtualbox' do |p|
      p.memory = 256
      p.cpus = 1
      p.gui = gui_enabled?
    end
    # https://realguess.net/2015/10/06/overriding-the-default-forwarded-ssh-port-in-vagrant/
    machine.vm.network :forwarded_port, guest: SSH_GUEST_PORT, host: 2200, id: 'ssh', auto_correct: true
    machine.ssh.guest_port = SSH_GUEST_PORT
    puts 'SSH_GUEST_PORT ' + SSH_GUEST_PORT.to_s
  end
  config.vm.define 'centos7' do |machine|
    machine.vm.provision :shell, :inline => 'hostnamectl set-hostname centos7'
    machine.vm.provision :shell, :inline => 'yum -y install net-tools lsof'
    machine.vm.provision :shell, :inline => 'setenforce 0', run: 'always'
  end
end


### Debug output

### Expected behavior

Vagrant connects to the guest over the new sshd port.

### Actual behavior

Note the unexpected `Port 22` reported by `vagrant ssh-config`.

Vagrant is unable to connect to the box.

Verify in the VirtualBox GUI that sshd is actually listening on 222 after reboot,
since it sometimes happens that `/etc/ssh/sshd_config` is empty after the `vagrant reload` reboot and sshd starts on the default `Port 22`.

### Steps to reproduce

$ unset SSH_GUEST_PORT


$ BOX='bento/centos-7.4' vagrant up
Bringing machine 'centos7' up with 'virtualbox' provider...
==> centos7: Importing base box 'bento/centos-7.4'...
==> centos7: Matching MAC address for NAT networking...
==> centos7: Checking if box 'bento/centos-7.4' is up to date...
==> centos7: Setting the name of the VM: vagrant_other_sshd_centos7_1512054292366_34932
==> centos7: Fixed port collision for 22 => 2200. Now on port 2202.
==> centos7: Clearing any previously set network interfaces...
==> centos7: Preparing network interfaces based on configuration...
    centos7: Adapter 1: nat
==> centos7: Forwarding ports...
    centos7: 22 (guest) => 2202 (host) (adapter 1)
==> centos7: Running 'pre-boot' VM customizations...
==> centos7: Booting VM...
==> centos7: Waiting for machine to boot. This may take a few minutes...
    centos7: SSH address: 127.0.0.1:2202
    centos7: SSH username: vagrant
    centos7: SSH auth method: private key


$ vagrant ssh -c 'sudo netstat -ntlp | grep ssh'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      958/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      958/sshd


$ vagrant ssh -c 'sudo sed -i "s/#Port 22/Port 222/" /etc/ssh/sshd_config'
$ vagrant ssh -c 'sudo sed -i "s/SELINUX=.*/SELINUX=permissive/" /etc/selinux/config'


$ vagrant ssh-config
Host centos7
  HostName 127.0.0.1
  User vagrant
  Port 2202
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /vagrant/vagrant_other_sshd/.vagrant/machines/centos7/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL


$ vagrant ssh -c 'getenforce&& sudo service sshd restart&& sudo netstat -ntlp | grep ssh&& sudo sync && sudo grep 222 /etc/ssh/sshd_config'
Permissive
Redirecting to /bin/systemctl restart sshd.service
tcp        0      0 0.0.0.0:222             0.0.0.0:*               LISTEN      2931/sshd
tcp6       0      0 :::222                  :::*                    LISTEN      2931/sshd
Port 222


$ SSH_GUEST_PORT=222 GUI=1 BOX='bento/centos-7.4' vagrant reload
==> centos7: Attempting graceful shutdown of VM...
    centos7: Guest communication could not be established! This is usually because
    centos7: SSH is not running, the authentication information was changed,
    centos7: or some other networking issue. Vagrant will force halt, if
    centos7: capable.
==> centos7: Forcing shutdown of VM...
==> centos7: Checking if box 'centos/7' is up to date...
==> centos7: Clearing any previously set forwarded ports...
==> centos7: Fixed port collision for 222 => 2200. Now on port 2201.
==> centos7: Clearing any previously set network interfaces...
==> centos7: Preparing network interfaces based on configuration...
    centos7: Adapter 1: nat
==> centos7: Forwarding ports...
    centos7: 222 (guest) => 2201 (host) (adapter 1)
==> centos7: Running 'pre-boot' VM customizations...
==> centos7: Booting VM...
==> centos7: Waiting for machine to boot. This may take a few minutes...
    centos7: SSH address: 127.0.0.1:222
    centos7: SSH username: vagrant
    centos7: SSH auth method: private key
    centos7: Warning: Connection refused. Retrying...


$ vagrant ssh-config
Host centos7
  HostName 127.0.0.1
  User vagrant
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /vagrant/vagrant_other_sshd/.vagrant/machines/centos7/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL




### References
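
An added example, not part of the original post or of Vagrant: the Ruby below parses the `vagrant up`/`vagrant reload` and `vagrant ssh-config` output quoted in the post and flags the mismatch reported under "Actual behavior". It assumes the consistent state is the one in the first run, where the SSH address and the ssh-config `Port` both equal the host side of the forward for the guest sshd port; the function names are hypothetical.

```ruby
# Parse "<guest> (guest) => <host> (host)" lines printed under "Forwarding ports...".
def forwarded_ports(up_output)
  up_output.scan(/(\d+) \(guest\) => (\d+) \(host\)/)
           .map { |guest, host| { guest: guest.to_i, host: host.to_i } }
end

# Port from the "SSH address: 127.0.0.1:<port>" line of `vagrant up` / `vagrant reload`.
def ssh_address_port(up_output)
  m = up_output.match(/SSH address: [\d.]+:(\d+)/)
  m && m[1].to_i
end

# Port from the "Port <n>" line of `vagrant ssh-config`.
def ssh_config_port(ssh_config)
  m = ssh_config.match(/^[ \t]*Port[ \t]+(\d+)[ \t]*$/)
  m && m[1].to_i
end

# Returns a list of findings; an empty list means all three views agree.
# Assumption (from the first run in the post): Vagrant should dial the host
# side of the forward whose guest side is the port sshd listens on.
def diagnose(up_output, ssh_config, sshd_port)
  rule = forwarded_ports(up_output).find { |f| f[:guest] == sshd_port }
  return ["no forward targets guest port #{sshd_port}"] unless rule

  expected = rule[:host]
  findings = []
  dialed = ssh_address_port(up_output)
  findings << "Vagrant dials #{dialed.inspect}, forward listens on #{expected}" if dialed != expected
  configured = ssh_config_port(ssh_config)
  findings << "ssh-config reports #{configured.inspect}, forward listens on #{expected}" if configured != expected
  findings
end

# Sample lines copied from the output quoted in the post above.
BEFORE_UP  = "    centos7: 22 (guest) => 2202 (host) (adapter 1)\n" \
             "    centos7: SSH address: 127.0.0.1:2202\n"
BEFORE_CFG = "Host centos7\n  HostName 127.0.0.1\n  Port 2202\n"
AFTER_UP   = "    centos7: 222 (guest) => 2201 (host) (adapter 1)\n" \
             "    centos7: SSH address: 127.0.0.1:222\n"
AFTER_CFG  = "Host centos7\n  HostName 127.0.0.1\n  Port 22\n"

puts diagnose(BEFORE_UP, BEFORE_CFG, 22).inspect   # first run: consistent
puts diagnose(AFTER_UP, AFTER_CFG, 222).inspect    # after reload: two mismatches
```
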

Alvaro Miranda Aguilera

Dec 1, 2017, 6:55:57 AM
to vagra...@googlegroups.com
Hello,

Why are you doing this?

Can you share the idea or requirements behind this?

Vagrant aims to help developers create environments by code so they can focus on the code.

Alvaro

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/1a3d3fd8-af51-46da-af5a-22baeb8d5378%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Marcin Dulak

Dec 1, 2017, 7:15:34 AM
to Vagrant
I need sshd on a non-default port set up dynamically, but don't want to have the burden of maintaining my own boxes.
I prefer that developers from CentOS/Debian/Bento, etc. take care of the boxes.
The example here is given using environment variables, but I may want to use a dynamic YAML or JSON inventory file.

Actually, I don't even know how Vagrant will handle a box with sshd on a non-default port.
I must say that apparently I had some success doing this; it's just a seemingly random behavior.
The example included is supposed to be a non-working one, and I'm looking for suggestions on what can be done about it.

Marcin

Antony Stone

Dec 1, 2017, 7:20:52 AM
to vagra...@googlegroups.com
On Friday 01 December 2017 at 13:15:34, Marcin Dulak wrote:

> I need sshd on a non-default port set up dynamically

What is the purpose / benefit in doing this?

Antony.

> > On Fri, Dec 1, 2017 at 11:34 AM, Marcin wrote:
> >>
> >> I want to change the sshd port on the guest dynamically.
> >>
> >> I start with a box setup with sshd on port 22, change the port to let's
> >> say 222, restart sshd.
> >> I want vagrant to be able to interact with that guest on the new port.

--
In the Beginning there was nothing, which exploded.

- Terry Pratchett

Please reply to the list;
please *don't* CC me.

Marcin Dulak

Dec 1, 2017, 7:31:54 AM
to Vagrant
1. to have guest sshd on a non-default port
2. be able to configure this with Vagrant, using the properly maintained official boxes, instead of making my own ones

Some people can use the default ssh port, others can't for some reason.

Marcin

Alvaro Miranda Aguilera

Dec 2, 2017, 10:41:37 AM
to vagra...@googlegroups.com
Vagrant will create a local port, say on 2222, for the first box.

When it tries for the 2nd port, it will try 2222; used? Then 2223 or other.

So it's still not clear what's the benefit or requirement of doing this.

Is this really needed? Why?

And what are those boxes you mention?

Alvaro


Marcin Dulak

Dec 2, 2017, 5:03:28 PM
to Vagrant
1. I have an official box that uses sshd on port 22; that could be https://app.vagrantup.com/centos/ https://app.vagrantup.com/fedora/ https://app.vagrantup.com/ubuntu, anything
2. I start a guest using that box with Vagrant and reconfigure sshd on the guest to listen on a different port (222). This is, for example, due to starting another service on port 22 on the guest. The new service on port 22 does not need to be exposed to the Vagrant host.
3. I now want Vagrant to know about this change after I reload the same box, by passing environment variables to the Vagrantfile or some other way
4. After creating a set of scripts that configure my box (ansible, puppet, docker, ...) this way, I can now use them on a physical host, a VM not managed by Vagrant, or a VM managed by Vagrant, all having sshd on port 222

I think I'm clear enough; if not, try my Vagrantfile.

Best regards,

Marcin

Alvaro Miranda Aguilera

Dec 3, 2017, 6:41:49 AM
to vagra...@googlegroups.com
Hello,

Vagrant expects ssh to be on port 22.
I think you are better off using an intermediate tool to make those changes before Vagrant.

If you are using VirtualBox, have a look at Packer virtualbox-ovf.

That can start from an existing VM; however, changing the port, yes, may work; you build them in 2 steps.

Step 1: from the existing VM with sshd on port 22, change it to 222, power off.
Step 2: on the existing VM with sshd on port 222, install the app that uses port 22, power off, and create a Vagrant box with a Vagrantfile that says to use port 222.


But all in all this is not a normal use case for Vagrant, so I think the best is to build boxes that are ready to use with Vagrant.

You can use Packer to build from an ISO, so there are options.

For Vagrant itself I think it is a bit hard.

Alvaro.
