Support for custom SSH port for KVM hosts using the configuration #12571

winterhazel · 2026-02-03T12:11:56Z

Wouldn't it be better to have this as a parameter on host addition/edit to allow configuring it on a host-level?

I think we can, but do we really want to allow to use a different ssh port for all hosts within a cluster? seems a bit overkill.

I don't see a problem allowing it. Maybe a single host needs to use a different port for SSH connection.

ok, a bit of an edge case, only applicable to smaller installations I’d guess (in my ignorance). You are not asking to remove a higher level setting are you? just to add a per host parameter..

the config is applicable for the kvm hosts on the entire cloudstack installation, mainly for large deployments where the custom port is used for all the hosts. it doesn't provide flexibility to set few hosts on one port, and few hosts on the other. it's always better to have all these hosts accessible on the same port. a new host parameter (that can be updated through add or update host call) can provide flexibility, but it's mostly NULL/empty (when not defined or default port is used) and is not applicable for VMware hosts.

@nvazquez
I think it is fine to hardcode the default SSH port as 22, which is allocated by IANA
if user want to use a custom port, pass it as part of host url (host:port), it is more flexible

Guys, we have a customer asking ffor a per cluster configuration, So I propose the following;
if not part of the host field (i.e. localhost:22) check the host detail, else check the cluster setting, else 22.

makes sense everybody?

LGTM @DaanHoogland - setting being global as it is now should also work

@DaanHoogland I suggest having either just host configuration stored on URL field -> cluster setting -> 22, or host configuration stored on host_detail -> cluster setting -> 22, depending on whichever is easier to implement without breaking compatibility.

Storing this configuration at two places for host-level seems unnecessary, and might just make it confusing.

right, simplifying to:
if not part of the host field (i.e. localhost:22), check the cluster setting, else 22.

-Original file line number
+Diff line change
@@ Expand Up / @@ -54,6 +54,9 @@ public interface AgentManager { @@
                 "This timeout overrides the wait global config. This holds a comma separated key value pairs containing timeout (in seconds) for specific commands. " +
                         "For example: DhcpEntryCommand=600, SavePasswordCommand=300, VmDataCommand=300", false);
+        ConfigKey<Integer> KVMHostDiscoverySshPort = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED, Integer.class,
+                "kvm.host.discovery.ssh.port", "22", "SSH port used for KVM host discovery and any other operations on host (using SSH). Please note that this is applicable for all the KVM hosts added to this CloudStack deployment, so ensure all hosts are accessible on this port", true);
         enum TapAgentsAction {
             Add, Del, Contains,
         }
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -1977,7 +1977,7 @@ public ConfigKey<?>[] getConfigKeys() { @@
             return new ConfigKey<?>[] { CheckTxnBeforeSending, Workers, Port, Wait, AlertWait, DirectAgentLoadSize,
                     DirectAgentPoolSize, DirectAgentThreadCap, EnableKVMAutoEnableDisable, ReadyCommandWait,
                     GranularWaitTimeForCommands, RemoteAgentSslHandshakeTimeout, RemoteAgentMaxConcurrentNewConnections,
-                    RemoteAgentNewConnectionsMonitorInterval };
+                    RemoteAgentNewConnectionsMonitorInterval, KVMHostDiscoverySshPort };
         }
         protected class SetHostParamsListener implements Listener {
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -16,6 +16,7 @@ @@
     // under the License.
     package org.apache.cloudstack.backup;
+    import com.cloud.agent.AgentManager;
     import com.cloud.dc.dao.ClusterDao;
     import com.cloud.host.HostVO;
     import com.cloud.host.Status;
@@ Expand Down Expand Up @@
             Pattern saveTimePattern = Pattern.compile(nstRegex);
             try {
-                Pair<Boolean, String> response = SshHelper.sshExecute(host.getPrivateIpAddress(), 22,
+                Pair<Boolean, String> response = SshHelper.sshExecute(host.getPrivateIpAddress(), AgentManager.KVMHostDiscoverySshPort.value(),
                         username, null, password, command, 120000, 120000, 3600000);
                 if (!response.first()) {
                     LOG.error(String.format("Backup Script failed on HYPERVISOR %s due to: %s", host, response.second()));
@@ Expand All @@
         private boolean executeRestoreCommand(HostVO host, String username, String password, String command) {
             try {
-                Pair<Boolean, String> response = SshHelper.sshExecute(host.getPrivateIpAddress(), 22,
+                Pair<Boolean, String> response = SshHelper.sshExecute(host.getPrivateIpAddress(), AgentManager.KVMHostDiscoverySshPort.value(),
                     username, null, password, command, 120000, 120000, 3600000);
                 if (!response.first()) {
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up @@
                     }
                 }
-                sshConnection = new Connection(agentIp, 22);
+                sshConnection = new Connection(agentIp, AgentManager.KVMHostDiscoverySshPort.value());
                 sshConnection.connect(null, 60000, 60000);
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up @@
          */
         protected void connectAndRestartAgentOnHost(HostVO host, String username, String password, String privateKey) {
             final com.trilead.ssh2.Connection connection = SSHCmdHelper.acquireAuthorizedConnection(
-                    host.getPrivateIpAddress(), 22, username, password, privateKey);
+                    host.getPrivateIpAddress(), AgentManager.KVMHostDiscoverySshPort.value(), username, password, privateKey);
             if (connection == null) {
                 throw new CloudRuntimeException(String.format("SSH to agent is enabled, but failed to connect to %s via IP address [%s].", host, host.getPrivateIpAddress()));
             }
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for custom SSH port for KVM hosts using the configuration #12571

Diff view

Diff view

There are no files selected for viewing

winterhazel Feb 3, 2026 •

edited

Loading

Uh oh!

DaanHoogland Feb 3, 2026

Uh oh!

winterhazel Feb 4, 2026

Uh oh!

DaanHoogland Feb 4, 2026

Uh oh!

sureshanaparti Feb 4, 2026

Uh oh!

weizhouapache Feb 4, 2026

Uh oh!

DaanHoogland Feb 5, 2026

Uh oh!

nvazquez Feb 5, 2026

Uh oh!

winterhazel Feb 5, 2026 •

edited

Loading

Uh oh!

DaanHoogland Feb 5, 2026

Uh oh!

Uh oh!

Support for custom SSH port for KVM hosts using the configuration #12571

Are you sure you want to change the base?

Support for custom SSH port for KVM hosts using the configuration #12571

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

winterhazel Feb 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

winterhazel Feb 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

winterhazel Feb 3, 2026 •

edited

Loading

winterhazel Feb 5, 2026 •

edited

Loading