[SOLVED] Create cluster on non-default SSH port without iptables?

Razva

Hey,

Is there any way of creating a Proxmox cluster between two servers that use non-default (22) SSH port, without forwarding/tunneling ports from non-default to default?

Thank you,
Razvan
 
Yes, tell the daemon and client to listen on another port. Must be done for all nodes on the cluster at the same time (or on setup)

I recommend testing this in a VM or something, if your only access to the host is SSH, locking yourself out may be no fun...

First let's tell the ssh daemon to provide its service on another port:
Open /etc/ssh/sshd_config with your favorite editor and add/change:
Code:
# super unknown and secure port
Port 4242
Now do the exact same for /etc/ssh/ssh_config; this is the client config – note the missing 'd'.
This tells the ssh client to use 4242 as default port for all outgoing connections, very important as Proxmox VE needs to be able to connect with a "plain" ssh command.
You could also just add it to /root/.ssh/config so other users would not be affected (relevant for outgoing ssh connections).

Finally:
Code:
systemctl restart ssh

Now the change is active.

To connect to your server you'd use
Code:
ssh -p 4242  USER@IP

If you use scp (secure copy) then remember to use an uppercase -P option (hey, would be too easy if they were both the same :) ), e.g.:
Code:
scp -P 4242 FILE.PATH  USER@IP:/copy/to
 
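A pre-restart check for the steps above, as an added example that is not part of the original posts: it compares the port a plain `ssh` would use against the ports `sshd` listens on, run here over constructed sample configs. The function names and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Parses plain "Keyword value" lines only;
# Include files and "Keyword=value" syntax are not followed (assumption).

# Print every port sshd listens on; Port may repeat, 22 is the built-in default.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Print the port a plain "ssh host" uses: the first Port found outside any
# Host block or inside "Host *" (ssh_config keeps the first value it obtains).
client_default_port() {
    awk 'BEGIN { global = 1 }
         { key = tolower($1) }
         key == "host"  { global = 0; for (i = 2; i <= NF; i++) if ($i == "*") global = 1; next }
         key == "match" { global = (tolower($2) == "all"); next }
         key == "port" && global { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Succeed only if the client default port is one the daemon listens on.
check_ports() {
    client=$(client_default_port "$2")
    for p in $(sshd_ports "$1"); do
        if [ "$p" = "$client" ]; then
            echo "OK: client and daemon both use port $client"
            return 0
        fi
    done
    echo "MISMATCH: client uses $client, daemon listens on:" $(sshd_ports "$1") >&2
    return 1
}

# Constructed sample configs (not taken from a real node).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# node sshd' 'Port 4242' 'PermitRootLogin prohibit-password' > "$demo/sshd_config"
printf '%s\n' 'Host backup' '    Port 2222' 'Host *' '    Port 4242' > "$demo/ssh_config_ok"
printf '%s\n' 'Host *' '    SendEnv LANG LC_*' > "$demo/ssh_config_forgot"

check_ports "$demo/sshd_config" "$demo/ssh_config_ok"
check_ports "$demo/sshd_config" "$demo/ssh_config_forgot" || echo "fix ssh_config before restarting ssh"
```

On a live node, `sshd -T` and `ssh -G HOST` print the effective values, including anything pulled in through `Include`.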
I started a wiki article with that and similar SSH stuff, it's not public yet as it was "work in progress".
Maybe I can give it another look, dust it off and put it in the public wiki...
 
Maybe this can be a feature/bug request?

Yes sure, can you create one here https://bugzilla.proxmox.com/
May reference this thread and the problem which should be addressed is that tools which use ssh (rsync, zsync, ...?) should also follow the global ssh client config...
thanks!
 
Hello,
I'd like to know if this limitation is still present? (replication broken by ssh configuration on alternative port).
I've searched on Bugzilla but didn't find it.
I think reinforcing SSH security by changing port and disabling password is recommended if not mandatory.
 
Yeah, it's still here, and nobody cares/wants to change it so...it's here to stay (unfortunately).
 
