Hi,
I got a question on how to change the SSH port via bastion host.
So, the setup is this:
ansible server (on ssh port 6701) -> Bastion server (on ssh port 6701) -> linux server (on ssh port 22)
I tried to add “ansible_ssh=22” in the inventory file, but this will try to connect from “ansible server” to “Bastion server” on port 22.
If I tried to add “ansible_ssh=6701” in the inventory file, this will try to connect from “ansible server” to “bastion server” on port 6701 (which is correct), but also will connect to “linux server” on port 6701. How do I change this last part to port 22?
Thank you!
I assume "ansible server (on port 6701)" is the control machine. So
the port which you access that is relevant for this story.
While on the control machine (where your ansible, inventory, etc
reside), you can use something like this in your inventory:
linux_server ansible_ssh_common_args='-o ProxyJump="bastionuser@bastion:6701"'
If several or all hosts require jumping through this bastion, you can
add this to the group or all vars:
[need_bastion]
linux_server
linux_server2
linux_server3
[need_bastion:vars]
ansible_ssh_common_args='-o ProxyJump="bastionuser@bastion:6701"'
Note that ProxyJump requires OpenSSH 7.2 or later. With earlier SSH
versions you need to use ProxyCommand:
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
for more inspiration.
Dick
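
An added example, not part of the posts above: an inventory that keeps the targets on port 22 while the hop goes through the bastion on 6701, with the ProxyCommand form for older OpenSSH clients shown as a commented alternative. Host, group and user names follow the thread; `ansible_port` is the standard Ansible inventory variable for the target's SSH port, and the ProxyCommand line is an assumption about how the same jump would be written, not something posted in the thread.

```ini
[need_bastion]
linux_server
linux_server2
linux_server3

[need_bastion:vars]
# SSH port of the final targets (the linux servers listen on 22).
ansible_port=22

# The bastion's port lives inside the jump spec, so it only applies to the
# first hop and never to the target connection.
ansible_ssh_common_args='-o ProxyJump="bastionuser@bastion:6701"'

# Alternative for an SSH client without ProxyJump: use this line instead of
# the ProxyJump line above. ssh expands %h and %p to the target host and
# port (22 here); -p 6701 is the bastion's port.
# ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q -p 6701 bastionuser@bastion"'
```

With either form the control machine authenticates to the target end to end through the tunnel, so no agent forwarding to the bastion is needed and the host keys of both the bastion and the targets are checked on the control machine.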