ansible-proxy-chain/openspec/changes/archive/2026-04-22-custom-ssh-port/proposal.md

Why

Servers may run SSH on non-standard ports for security. Each server could have a different SSH port. Currently ssh_port is a single global variable in group_vars/all.yml — it needs to be configurable per host.

What Changes

• Add ansible_port and ssh_port as per-host variables in the inventory template
• Keep the global default of 22 in group_vars/all.yml
• Per-host ssh_port overrides the global default for sshd_config, UFW, and fail2ban
• ansible_port tells Ansible which port to connect on

Capabilities

New Capabilities

(none)

Modified Capabilities

• server-base: SSH port becomes per-host configurable via inventory

Impact

• inventory/hosts.yml.example updated with ansible_port and ssh_port variables
• README updated to document per-host SSH port configuration