[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Running 2 ssh instances

On Mon, Feb 13, 2012 at 10:00:33PM -0700, Paul E Condon wrote:
> On 20120213_200321, Rob Owens wrote:
> > On Tue, Feb 14, 2012 at 12:26:54AM +0100, Claudius Hubig wrote:
> > > Hello Sylvain,
> > > 
> > > Sylvain <sylvaintersideral@gmail.com> wrote:
> > > >Right now I'm a bit confused by the way chroot seems to work with users. 
> > > >I'd be grateful if someone had an idea on how to do have an ssh instance 
> > > >running on a specific port and allowing only certain users.
> > > 
> > > Check $(man sshd_config) and the AllowUser option. You should then be
> > > able to create a second SSHd configuration file listening on the
> > > appropriate port. I would then go on and maybe adapt
> > > either /etc/init.d/ssh slightly to also start the second server (with
> > > the appropriate configuration file) or create a second script doing
> > > the same thing.
> > > 
> > I agree with Claudius.  For your second instance of ssh, you don't need
> > a chroot.  You do need:
> > 
> > /etc/init.d/ssh.alt
> > /etc/default/ssh.alt
> > /etc/ssh/sshd_config.alt (and use the AllowUsers and Port options)
> > /var/run/sshd.alt (although your init script may create this directory,
> > if you copy the standard ssh init script)
> I have been running dozens of instances of ssh simultaneously for
> years without doing anything like the above. Either it is entirely
> unnecessary or the Debian Maintainer has include all this in his
> install script. Or maybe, like gnome-terminal, a single instance can
> manage multiple indepentent windows. Either way, I have found the
> number of windows to be effectively unbounded. Have you tried it?
> I think you will find that it works.
How do you do it?  Just launch sshd on the command line and specify an
alternate config file?  I need two instances with two different config
files, and I need them to always be running.  I figured the best way was
to duplicate the default sshd setup (as shown above).  But if there's a
better way, I'd like to know.


Reply to: