docker / machine

Machine management for a container-centric world
https://docs.docker.com/machine/
Apache License 2.0
6.63k stars 1.97k forks

Failed to specify the custom SSH port for Digital Ocean droplet #3702

Open twang2218 opened 7 years ago

twang2218 commented 7 years ago

I tried to use a port other than the default SSH port for a Digital Ocean droplet with --digitalocean-ssh-port 234; however, docker-machine failed to change the port, and at the first creation, the SSH failed. Here is the log:

ζ docker-machine -D create --digitalocean-ssh-port 234 honeypot
Docker Machine Version:  0.8.1, build 41b3b25
Found binary path at /usr/local/bin/docker-machine
Launching plugin server for driver digitalocean
Plugin server listening at address 127.0.0.1:61426
() Calling .GetVersion
Using API Version  1
() Calling .SetConfigRaw
() Calling .GetMachineName
(flag-lookup) Calling .GetMachineName
(flag-lookup) Calling .DriverName
(flag-lookup) Calling .GetCreateFlags
Found binary path at /usr/local/bin/docker-machine
Launching plugin server for driver digitalocean
Plugin server listening at address 127.0.0.1:61430
() Calling .GetVersion
Using API Version  1
() Calling .SetConfigRaw
() Calling .GetMachineName
(honeypot) Calling .GetMachineName
(honeypot) Calling .DriverName
(honeypot) Calling .GetCreateFlags
(honeypot) Calling .SetConfigFromFlags
Running pre-create checks...
(honeypot) Calling .PreCreateCheck
(honeypot) Calling .GetConfigRaw
Creating machine...
(honeypot) Calling .Create
(honeypot) Creating SSH key...
(honeypot) Creating Digital Ocean droplet...
(honeypot) Waiting for IP address to be assigned to the Droplet...
(honeypot) Calling .GetConfigRaw
(honeypot) DBG | Created droplet ID 23780384, IP address 138.68.53.94
(honeypot) Calling .DriverName
(honeypot) Calling .DriverName
Waiting for machine to be running, this may take a few minutes...
(honeypot) Calling .GetState
(honeypot) Calling .GetState
(honeypot) Calling .GetState
(honeypot) Calling .GetState
(honeypot) Calling .GetState
(honeypot) Calling .GetState
Detecting operating system of created instance...
Waiting for SSH to be available...
Getting to WaitForSSH function...
(honeypot) Calling .GetSSHHostname
(honeypot) Calling .GetSSHPort
(honeypot) Calling .GetSSHKeyPath
(honeypot) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none root@138.68.53.94 -p 234] /usr/bin/ssh <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255:
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err     : exit status 255
output  :

Getting to WaitForSSH function...
(honeypot) Calling .GetSSHHostname
(honeypot) Calling .GetSSHPort
(honeypot) Calling .GetSSHKeyPath
(honeypot) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none root@138.68.53.94 -p 234] /usr/bin/ssh <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255:
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err     : exit status 255
output  :

Getting to WaitForSSH function...
(honeypot) Calling .GetSSHHostname
(honeypot) Calling .GetSSHPort
(honeypot) Calling .GetSSHKeyPath
(honeypot) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none root@138.68.53.94 -p 234] /usr/bin/ssh <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255:
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err     : exit status 255
output  :

Getting to WaitForSSH function...
(honeypot) Calling .GetSSHHostname
(honeypot) Calling .GetSSHPort
(honeypot) Calling .GetSSHKeyPath
(honeypot) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none root@138.68.53.94 -p 234] /usr/bin/ssh <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255:
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err     : exit status 255
output  :

Getting to WaitForSSH function...
(honeypot) Calling .GetSSHHostname
(honeypot) Calling .GetSSHPort
(honeypot) Calling .GetSSHKeyPath
(honeypot) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none root@138.68.53.94 -p 234] /usr/bin/ssh <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255:
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err     : exit status 255
output  :
...

It will retry again and again until it goes beyond the maximum retries:

Error creating machine: Error detecting OS: Too many retries waiting for SSH to be available.  Last error: Maximum number of retries (60) exceeded
notifying bugsnag: [Error creating machine: Error detecting OS: Too many retries waiting for SSH to be available.  Last error: Maximum number of retries (60) exceeded]

After I logged into the created droplet, I found the SSH port is still 22:

root@honeypot:~# ss -tupln
Netid  State      Recv-Q Send-Q          Local Address:Port                         Peer Address:Port
tcp    LISTEN     0      128                         *:22                                      *:*                   users:(("sshd",pid=2322,fd=3))
tcp    LISTEN     0      128                        :::22                                     :::*                   users:(("sshd",pid=2322,fd=4))

bamarni commented 7 years ago

To change the port you basically have 2 options:

Hope that helps.

twang2218 commented 7 years ago

@bamarni The cloud-init file is a good tip, I will try that next time. My workaround is quite manual: as --digitalocean-port is not working, I just created the host with the normal port, then SSHed into the droplet, changed the sshd_config, then went back to the console and changed the ~/.docker/machine/machines/<name>/config.json. It's not that convenient.

I think the --digitalocean-port should utilize the cloud-init file to specify the SSH port for the droplet, rather than us doing it manually.
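The workaround described in the comment above (edit sshd_config on the droplet, then the machine's config.json on the workstation), as an added example that is not part of the original thread or docker-machine's own code. It assumes a standard Port directive and that config.json stores the port in a numeric "SSHPort" field; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): the manual workaround as two helpers.
# Assumptions: sshd_config uses a plain "Port N" directive; config.json stores
# the port as a numeric "SSHPort" field. Function names are hypothetical.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# On the droplet: leave exactly one active Port directive in sshd_config.
set_sshd_port() {
    cfg=$1; port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Drop active and commented-out Port lines, then emit the new one first:
    # a Port line appended after a Match block would be rejected by sshd.
    awk -v p="$port" '
        BEGIN { print "Port " p }
        /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/ { next }
        { print }' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg"   # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# On the workstation: point docker-machine at the new port.
set_machine_port() {
    json=$1; port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    grep -q '"SSHPort"' "$json" || { echo "no SSHPort in $json" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed 's/\("SSHPort"[ ]*:[ ]*\)[0-9][0-9]*/\1'"$port"'/' "$json" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$json"
    rm -f "$tmp"
}

# Live use (commented out so the file can be sourced safely):
#   droplet:      set_sshd_port /etc/ssh/sshd_config 234 && sshd -t
#                 then reload the SSH service (unit name varies by distro)
#   workstation:  set_machine_port ~/.docker/machine/machines/<name>/config.json 234
```

Keep the existing SSH session open until a login on the new port succeeds, so a bad edit or a firewall rule does not lock you out of the droplet.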

bamarni commented 7 years ago

> I think the --digitalocean-port should utilize the cloud-init file to specify the SSH port for the droplet, rather than us doing it manually.

It seems out of the scope of docker machine; in a similar way, it won't try to create the user from --digitalocean-ssh-user if it doesn't exist.

pascalandy commented 7 years ago

Same here. I have to do this manually as I'm not using the default SSH on port 22.

https://github.com/docker/machine/issues/3702#issuecomment-243049654

Would be nice to do something like this (port 2233 is my custom SSH port in the example):

eval "$(docker-machine env NODE1 -p2233)"