[CentOS] Running two sshd's
ankushcentos at gmail.com
Tue Oct 31 16:14:38 UTC 2006
On 10/31/06, Gilles CHAUVIN <gcnweb at gmail.com> wrote:
> Hi all,
> I'm wondering whether it is feasible or not to run two distinct sshd
> daemons with different config options!
> I have a CentOS 4.4 gateway with 2 Ethernet interfaces. One is
> connected to the Internet and the other to the LAN.
> Basically, what I would like to do is having a sshd that listens to
> the LAN interface with password enabled auth. and a sshd bound to the
> Internet interface with forced key auth. (no password auth. allowed).
> I'm not sure that such a thing is possible using a single sshd_config
> file. What do you think would be the best way to do this? Is there
> someone here that already made a similar setup?
You need 2 different sshd_config files for this. There are 2 ways to achieve this:
a) In /etc/rc.d/local, use sshd with the -f parameter, which means you will pass another config file to it.
b) Creating another sshd daemon:
i) copy /etc/init.d/sshd to /etc/init.d/sshd1
Change the settings where sshd occurs to sshd1 or something else.
For example, see below. I have not pasted the whole file, just a few
portions. I have changed a few settings, like sshd to sshd1 and adding an
options file. You need to change all sshd to sshd1.
# Init file for OpenSSH server daemon
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
# processname: sshd
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
# config: /etc/ssh/sshd_config
# pidfile: /var/run/sshd1.pid
# source function library
# pull in sysconfig settings
[ -f /etc/sysconfig/sshd1 ] && . /etc/sysconfig/sshd1
# Some functions to make the below more readable
if [ ! -s $RSA1_KEY ]; then
echo -n $"Generating SSH1 RSA host key: "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
success $"RSA1 key generation"
failure $"RSA1 key generation"
b) cp /usr/sbin/sshd /usr/sbin/sshd1
c) cp /etc/pam.d/sshd /etc/pam.d/sshd1
d) In the sshd_config1 file change the pid to sshd1 otherwise you will
check the connections
netstat -atpn | grep ssh
you should see 2 ssh connections
If there is any problem, add the port on which you are running the second
sshd daemon to the /etc/services file.
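
The split described in this thread, as an added example that is not part of the original post: a shell check over two constructed config files that confirms the Internet-facing one accepts keys only and that the two instances do not share a ListenAddress or PidFile. The addresses, file names and function names are assumptions; ChallengeResponseAuthentication is the keyword in OpenSSH of that period (newer releases name it KbdInteractiveAuthentication).

```shell
#!/bin/sh
# Added example; addresses, file names and PidFile paths are constructed.

# First value of KEYWORD in FILE (sshd uses the first occurrence of a keyword
# and matches keywords case-insensitively). Prints nothing if absent.
cfg_get() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# 0 if FILE permits key-based logins only. Both keywords default to "yes",
# and with PAM the challenge-response path can still prompt for a password.
key_only() {
    [ "$(cfg_get "$1" PasswordAuthentication)" = "no" ] &&
    [ "$(cfg_get "$1" ChallengeResponseAuthentication)" = "no" ]
}

# 0 if the two files bind explicit, different addresses and use different
# PidFiles (an absent PidFile means the default /var/run/sshd.pid).
no_clash() {
    la=$(cfg_get "$1" ListenAddress); lb=$(cfg_get "$2" ListenAddress)
    pa=$(cfg_get "$1" PidFile);       pb=$(cfg_get "$2" PidFile)
    [ -n "$la" ] && [ -n "$lb" ] && [ "$la" != "$lb" ] || return 1
    [ "${pa:-/var/run/sshd.pid}" != "${pb:-/var/run/sshd.pid}" ]
}

# audit LAN_FILE WAN_FILE: prints findings, returns the number of failures.
audit() {
    fails=0
    key_only "$2" || { echo "FAIL: $2 can still accept passwords"; fails=$((fails + 1)); }
    no_clash "$1" "$2" || { echo "FAIL: ListenAddress or PidFile clash"; fails=$((fails + 1)); }
    return "$fails"
}

d=$(mktemp -d)   # constructed sample configs
printf '%s\n' 'ListenAddress 192.168.1.1' 'PasswordAuthentication yes' \
    'PidFile /var/run/sshd.pid' > "$d/lan"
printf '%s\n' 'ListenAddress 203.0.113.10' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' 'PidFile /var/run/sshd1.pid' > "$d/wan"
# Weak variant: passwords "off" but challenge-response and PidFile left at default
printf '%s\n' 'ListenAddress 203.0.113.10' 'PasswordAuthentication no' > "$d/wan_weak"

audit "$d/lan" "$d/wan" && echo "lan + wan: OK"
audit "$d/lan" "$d/wan_weak" || echo "lan + wan_weak: $? finding(s)"
```

On the gateway, `sshd -t -f <file>` checks each config file's syntax before the second daemon is started.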