Re: [CentOS] Running two sshd's




On 10/31/06, Gilles CHAUVIN <gcnweb@xxxxxxxxx> wrote:
Hi all,

I'm wondering whether it is feasible or not to run two distinct sshd
daemons with different config options!

I have a CentOS 4.4 gateway with 2 Ethernet interfaces. One is
connected to the Internet and the other to the LAN.

Basically, what I would like to do is having a sshd that listens to
the LAN interface with password enabled auth. and a sshd bound to the
Internet interface with forced key auth. (no password auth. allowed).

I'm not sure that such a thing is possible using a single sshd_config
file. What do you think would be the best way to do this? Is there
someone here that already made a similar setup?



You need 2 different sshd_config files for this. There are 2 ways to achieve this:

a) in /etc/rc.d/local

Use sshd with the -f parameter, which means you will pass another config file to it.

b) creating another sshd daemon

i ) copy /etc/init.d/sshd to /etc/init.d/sshd1

Change the settings where sshd appears to sshd1 or something else.
For example, see below; I have not pasted the whole file, just a few
portions. I have changed a few settings, like sshd to sshd1 and adding
the options file. You need to change all sshd to sshd1.

#!/bin/bash
#
# Init file for OpenSSH server daemon
#
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
#
# processname: sshd
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
# config: /etc/ssh/sshd_config
# pidfile: /var/run/sshd1.pid

# source function library
. /etc/rc.d/init.d/functions

# pull in sysconfig settings
[ -f /etc/sysconfig/sshd1 ] && . /etc/sysconfig/sshd1

RETVAL=0
prog="sshd1"

# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd1
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd1.pid
OPTIONS="-f /etc/ssh/sshd_config1"
do_rsa1_keygen() {
       if [ ! -s $RSA1_KEY ]; then
               echo -n $"Generating SSH1 RSA host key: "
               if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
                       chmod 600 $RSA1_KEY
                       chmod 644 $RSA1_KEY.pub
                       if [ -x /sbin/restorecon ]; then
                           /sbin/restorecon $RSA1_KEY.pub
                       fi
                       success $"RSA1 key generation"
                       echo
               else
                       failure $"RSA1 key generation"
                       echo
                       exit 1
               fi
       fi
}


b) cp /usr/sbin/sshd   /usr/sbin/sshd1

c) cp /etc/pam.d/sshd  /etc/pam.d/sshd1

d) In the sshd_config1 file, change the pid to sshd1, otherwise you will
face problems.

Start sshd1.

Check the connections:

netstat -atpn | grep ssh

You should see 2 ssh connections.

If there is any problem, add the port on which you are running the second
sshd daemon to the /etc/services file.

Regards

Ankush Grover
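
The thread never shows the two config files themselves, so here is an added example (not part of the original posts) that writes a LAN/Internet pair and checks it for the mistakes that undo the split. The addresses and the function names are assumptions, and the ChallengeResponseAuthentication check goes beyond the post: with PAM enabled, keyboard-interactive login can still accept a password after PasswordAuthentication is set to no.

```shell
# Added example; cfg_get, write_pair and lint_pair are hypothetical helper names.
# sshd_config uses the first value found for a keyword; keywords are
# case-insensitive. Simplification: the "host:port" ListenAddress form is not parsed.
cfg_get() {  # cfg_get FILE KEYWORD [DEFAULT]
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) print d }' "$1"
}

write_pair() {  # write_pair DIR LAN_IP WAN_IP
    cat > "$1/sshd_config" <<EOF
ListenAddress $2
PidFile /var/run/sshd.pid
PasswordAuthentication yes
EOF
    cat > "$1/sshd_config1" <<EOF
ListenAddress $3
PidFile /var/run/sshd1.pid
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

lint_pair() {  # lint_pair LAN_CFG WAN_CFG; prints findings, returns their count
    n=0
    for f in "$1" "$2"; do
        [ -n "$(cfg_get "$f" ListenAddress)" ] ||
            { echo "$f: no ListenAddress, binds every interface"; n=$((n+1)); }
    done
    lan_ep="$(cfg_get "$1" ListenAddress 0.0.0.0):$(cfg_get "$1" Port 22)"
    wan_ep="$(cfg_get "$2" ListenAddress 0.0.0.0):$(cfg_get "$2" Port 22)"
    [ "$lan_ep" != "$wan_ep" ] ||
        { echo "both daemons listen on $lan_ep"; n=$((n+1)); }
    [ "$(cfg_get "$1" PidFile /var/run/sshd.pid)" != \
      "$(cfg_get "$2" PidFile /var/run/sshd.pid)" ] ||
        { echo "PidFile is shared by both daemons"; n=$((n+1)); }
    for k in PasswordAuthentication ChallengeResponseAuthentication; do
        [ "$(cfg_get "$2" "$k" yes)" = "no" ] ||
            { echo "$2: $k is not 'no'"; n=$((n+1)); }
    done
    return "$n"
}

demo=$(mktemp -d)
write_pair "$demo" 192.168.1.1 203.0.113.10   # constructed LAN / Internet addresses
lint_pair "$demo/sshd_config" "$demo/sshd_config1" && echo "pair is consistent"
rm -rf "$demo"
```

On the gateway itself, `sshd -t -f /etc/ssh/sshd_config1` checks the file's syntax before the second daemon is started.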