Hi Hildegard,

Hildegard Meier wrote:
> > 4192 /usr/sbin/sftpd is likely unrelated to OpenSSH.
>
> To have a clean separation of the standard sshd service on port 22
> and our sftp server that listens on another port, and both have and
> shall have really nothing to do with each other, I created a new
> sshd instance named "sftpd":

I understand! This could actually make it much easier to use a local
build for the standalone sftp server. Does the patch idea seem viable?

> [Service]
> EnvironmentFile=-/etc/default/sftpd
> ExecStartPre=/usr/sbin/sftpd -t
> ExecStart=/usr/sbin/sftpd -D $SFTPD_OPTS -f /etc/sftpd/sftpd_config
>
> Important for correct autostart of sftpd on boot is:
> [Unit]
> After=network.target auditd.service sshd.service
>
> Because sftpd needs to be started after sshd because only sshd
> creates /run/sshd/ and that is needed by sftpd (hard compiled in sshd).

systemd creates /run/sshd for the sshd.service, it's not great that the
sftpd service needs to use the same path. A local sshd build allows
cleanly solving that as well.

These commands build an OpenSSH-8.8p1 sshd with my sftp-server patch
and the alternate privsep directory:

git clone https://anongit.mindrot.org/openssh.git &&
cd openssh &&
git checkout -b v88_sftplog V_8_8_P1 &&
wget -O 0001-sftplog.patch \
  https://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210930/9b40e2d4/attachment.bin &&
git am 0001-sftplog.patch &&
autoreconf -fi -I m4 &&
./configure --prefix=/usr/local/sftpd --with-privsep-path=/run/sftpd &&
make sshd

Thanks to --prefix this sshd will not interfere with anything installed
via package management. Place configuration and keys (or symlinks) in
/usr/local/sftpd/etc/ and remember PidFile /run/sftpd.pid in sshd_config.

In any case you can express the current dependency to systemd to avoid
errors:

> When stopping sshd /run/sshd/ gets deleted and you get the
> following sftpd error:
> fatal: Missing privilege separation directory: /run/sshd
> and sftpd does not accept new connections anymore etc.

Set BindsTo=sshd.service in the sftpd.service [Unit] section to tell
systemd that sftpd requires sshd, and should be stopped first if sshd
is being stopped.

Also create a Wants:

mkdir /etc/systemd/system/sshd.service.wants
ln -s ../sftpd.service /etc/systemd/system/sshd.service.wants/

..to tell systemd that it should try to start sftpd when sshd starts.

Keep After=sshd.service in sftpd.service.

With those changes you can stop and start sftpd while sshd continues
running like before, if you stop sshd then sftpd is now stopped first,
and if you start either sshd or sftpd when neither is running then both
are started in the right order.

> Here ps fax output :)

That makes sense now. :)

Kind regards

//Peter
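
The two setups discussed in this message, written out as unit files. This is an added example, not part of the original e-mail and not shipped by OpenSSH. Variant A is the existing unit plus BindsTo=; variant B is for the local build. The Description= text, the binary path /usr/local/sftpd/sbin/sshd and the use of RuntimeDirectory= to create /run/sftpd are assumptions.

```ini
# /etc/systemd/system/sftpd.service, variant A: sftpd shares /run/sshd
[Unit]
Description=Standalone SFTP server (second sshd instance)
# Ordering only: start after sshd.service, stop before it.
After=network.target auditd.service sshd.service
# Requirement: stopping sshd.service also stops sftpd, and because of
# After= sftpd goes down first, so it never runs without /run/sshd.
BindsTo=sshd.service

[Service]
# Lines as quoted in the message. Note that -t without -f validates the
# compiled-in default config path, not /etc/sftpd/sftpd_config.
EnvironmentFile=-/etc/default/sftpd
ExecStartPre=/usr/sbin/sftpd -t
ExecStart=/usr/sbin/sftpd -D $SFTPD_OPTS -f /etc/sftpd/sftpd_config

# The Wants= from sshd to sftpd is not set in this file; it is the
# symlink in /etc/systemd/system/sshd.service.wants/ from the message.

# ----------------------------------------------------------------------
# /etc/systemd/system/sftpd.service, variant B: local build configured
# with --with-privsep-path=/run/sftpd, no dependency on sshd.service
[Unit]
Description=Standalone SFTP server (local OpenSSH build)
After=network.target auditd.service

[Service]
# Assumption: let systemd create /run/sftpd (root-owned, not group- or
# world-writable) on start and remove it on stop.
RuntimeDirectory=sftpd
RuntimeDirectoryMode=0755
# Assumption: the built sshd binary was copied to this path.
ExecStartPre=/usr/local/sftpd/sbin/sshd -t -f /usr/local/sftpd/etc/sshd_config
ExecStart=/usr/local/sftpd/sbin/sshd -D -f /usr/local/sftpd/etc/sshd_config

[Install]
WantedBy=multi-user.target
```

After editing, run systemctl daemon-reload, then systemctl list-dependencies --reverse sftpd.service to confirm the relationship systemd actually recorded.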