Pkg-File-Service – Control Daemons with Salt – Change SSH Server Port

You can control a huge number of daemons with a configuration management system. Package-file-service is the common pattern for this: install the software, replace a configuration file and finally restart the daemon to use the new configuration.
This article shows a simple Salt state to change SSH server port.
Set up salt master-slave architecture.
On the master, create the state (sshd.sls) and the master copy of configuration file (sshd_config).

Create SSH State

$ cat /srv/salt/sshd.sls
   - source: salt://sshd_config
   - watch:
     - file: /etc/ssh/sshd_config

This is almost the default sshd_config file from Ubuntu right after installing openssh-server. Just comments (“#”) removed and port number changed (“Port 8888”).

$ cat /srv/salt/sshd_config
# DON'T EDIT - managed file, changes will be overwritten
Port 8888
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

Apply the State to Slaves

$ sudo salt '*' state.apply sshd


Using one of your slaves as a target (instead of

$ nc -vz 8888
Connection to 2002 port [tcp/*] succeeded!


$ ssh -p 8888's password:

If you got the SSH daemon answer on port 8888, well done. Your package-file-service state is working!
What daemons will you configure next?

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | Comments Off on Pkg-File-Service – Control Daemons with Salt – Change SSH Server Port

Comments are closed.