Running 2 instances of SSH (Was: how to access machine using telnet)
Ewan Mac Mahon
ewan at macmahon.me.uk
Mon Sep 4 11:46:04 UTC 2006
On Mon, Sep 04, 2006 at 06:03:45PM +0100, Gabriel M Dragffy wrote:
> On Sun, 2006-09-03 at 20:28 +0100, Ewan Mac Mahon wrote:
> > I think I remember that thread. If it's the one I'm thinking of I
> > suggested setting up a separate instance of ssh with a different config
> > file to run on a different port. That would give you your backup plan
> > without the hazards of running a telnet server.
>
> I have been interested in running another instance of SSH on my server
> for the eventuality that the other process goes crazy and I don't get
> locked out. I'd like to run another instance of SSH on a high port,
> haven't found much info on how to do this: how would one go about
> setting this up?
>
At the minimum the second instance of ssh will need its own config
file, with a different port number in it; you could also use separate
key files if you wanted to. For the basic approach go to /etc/ssh and
make a copy of sshd_config as (e.g.) sshd-backup_config, edit the new
config file and change the 'Port 22' option near the top to another
number (e.g.) 'Port 222'.
Next the backup ssh server needs a startup script, so in /etc/init.d
make a copy of 'ssh' as 'ssh-backup'. This new config file will need
changing to append a parameter to sshd to make it load the new config
file instead of the default, and also to use a different pid file.
Rather than describing this in excruciating detail I've just included a
patch below that will make the necessary changes.
At this point you should be able to run 'sudo /etc/init.d/ssh-backup
start' successfully and log in using the backup ssh instance. However, to
make it start up on reboot you'll need to make the links in the rcX.d
runlevel directories using 'sudo update-rc.d ssh-backup defaults'.
That should do it :-)
Ewan
--- ssh 2005-03-15 13:09:37.000000000 +0000
+++ ssh-backup 2006-09-04 12:32:03.000000000 +0100
@@ -1,4 +1,4 @@
-#! /bin/sh
+#! /bin/sh
set -e
# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
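Review bot: the header comment on the last context line still reads /etc/init.d/ssh, so the copied script describes itself as the primary one; change it to /etc/init.d/ssh-backup. The shebang line is removed and re-added with no visible difference, which suggests a whitespace-only change that could be dropped from the patch.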
@@ -10,6 +10,8 @@
. /etc/default/ssh
fi
+SSHD_OPTS="${SSHD_OPTS} -f /etc/ssh/sshd-backup_config"
+
. /lib/lsb/init-functions
check_for_no_start() {
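Review bot: SSHD_OPTS is extended after /etc/default/ssh has been sourced, so any options an administrator sets there for the primary daemon are also passed to the backup. If that file ever carries its own -f or -p, the backup instance picks it up as well; sourcing a separate defaults file for the backup, or assigning SSHD_OPTS="-f /etc/ssh/sshd-backup_config" outright, keeps the two instances independent.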
@@ -42,12 +44,12 @@
log_begin_msg "Starting OpenBSD Secure Shell server..."
check_for_no_start
check_privsep_dir
- start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS || log_end_msg 1
+ start-stop-daemon --start --quiet --pidfile /var/run/sshd-backup.pid --exec /usr/sbin/sshd -- $SSHD_OPTS || log_end_msg 1
log_end_msg 0
;;
stop)
log_begin_msg "Stopping OpenBSD Secure Shell server..."
- start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || log_end_msg 1
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd-backup.pid || log_end_msg 1
log_end_msg 0
;;
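Review bot: the start and stop lines now point start-stop-daemon at /var/run/sshd-backup.pid, but nothing in the patch makes sshd write that file. sshd writes the path given by PidFile in its config, and a copied sshd_config that does not set it falls back to the default pid file. Add 'PidFile /var/run/sshd-backup.pid' to sshd-backup_config, otherwise stop finds no pid file and, because of --oknodo, reports success while the daemon keeps running.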
@@ -55,17 +57,17 @@
log_begin_msg "Reloading OpenBSD Secure Shell server's configuration"
check_for_no_start
check_config
- start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd || log_end_msg 1
+ start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd-backup.pid --exec /usr/sbin/sshd || log_end_msg 1
log_end_msg 0
;;
restart)
log_begin_msg "Restarting OpenBSD Secure Shell server..."
check_config
- start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid
+ start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd-backup.pid
check_for_no_start
check_privsep_dir
- start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS || log_end_msg 1
+ start-stop-daemon --start --quiet --pidfile /var/run/sshd-backup.pid --exec /usr/sbin/sshd -- $SSHD_OPTS || log_end_msg 1
log_end_msg 0
;;
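Review bot: reload and restart still call check_config, which this patch does not touch. If that function runs sshd -t without $SSHD_OPTS it validates the primary sshd_config rather than sshd-backup_config, so a broken primary config would stop the backup from restarting. Pass the -f option to the test as well, and consider changing the log_begin_msg strings so the backup's messages can be told apart from the primary's.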
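A check for the setup described in this message, added here as an example and not part of the original post: it compares the two config files and reports a shared port, a shared pid file, or a pid file that differs from the one the init script passes to start-stop-daemon. The function names are hypothetical, the sample configs are constructed, and Port 22 and /var/run/sshd.pid are assumed as the defaults for a config that sets neither.

```sh
#!/bin/sh
# Added example (not from the original post). Assumed defaults when a keyword
# is absent from a config: Port 22 and PidFile /var/run/sshd.pid.

# Print every Port value in an sshd config; sshd accepts several Port lines.
ports_of() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the pid file sshd will write for this config (first PidFile line wins).
pidfile_of() {
    awk 'tolower($1) == "pidfile" { print $2; f = 1; exit }
         END { if (!f) print "/var/run/sshd.pid" }' "$1"
}

# check_backup_instance PRIMARY_CONF BACKUP_CONF INIT_PIDFILE
# Returns 0 when the backup shares no port or pid file with the primary and
# writes the pid file that the init script passes to start-stop-daemon.
check_backup_instance() {
    cb_rc=0
    for cb_p in $(ports_of "$2"); do
        for cb_q in $(ports_of "$1"); do
            if [ "$cb_p" = "$cb_q" ]; then
                echo "port $cb_p is used by both instances"; cb_rc=1
            fi
        done
    done
    cb_pid=$(pidfile_of "$2")
    if [ "$cb_pid" = "$(pidfile_of "$1")" ]; then
        echo "both instances write $cb_pid"; cb_rc=1
    fi
    if [ "$cb_pid" != "$3" ]; then
        echo "init script expects $3 but sshd writes $cb_pid"; cb_rc=1
    fi
    return "$cb_rc"
}

# Constructed sample configs: a copy of the primary with only the port changed.
demo_dir=$(mktemp -d)
printf 'Port 22\nProtocol 2\n' > "$demo_dir/sshd_config"
printf 'Port 222\nProtocol 2\n' > "$demo_dir/sshd-backup_config"
check_backup_instance "$demo_dir/sshd_config" "$demo_dir/sshd-backup_config" \
    /var/run/sshd-backup.pid || echo "backup instance needs attention"
```

Run it against the real /etc/ssh/sshd_config and /etc/ssh/sshd-backup_config before starting the second daemon; a clean exit means the two instances will not collide on a port or a pid file.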