1. Create a copy of the sshd_config file that will be used by the second daemon:
[root@server1 ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd-second_config
2. Edit the sshd-second_config file created in the previous step to assign a different port number and PID file to the second daemon:
Port 22220
PidFile /var/run/sshd-second.pid
3. Create a copy of the systemd unit file for the sshd service:
~]# cp -v /usr/lib/systemd/system/sshd.service /etc/systemd/system/sshd-second.service
‘/usr/lib/systemd/system/sshd.service’ -> ‘/etc/systemd/system/sshd-second.service’
4. Alter the sshd-second.service created in the previous step as follows:
[Unit]
Description=OpenSSH server second instance daemon
After=syslog.target network.target auditd.service sshd.service
[Service]
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd-second_config $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
- The Description is modified.
- sshd.service is added to the After option, so that the second instance starts only after the first instance.
- Key generation is already handled by the first instance of sshd, so remove the ExecStartPre=/usr/sbin/sshd-keygen line.
- Add the -f /etc/ssh/sshd-second_config parameter to the sshd command, so that the alternative configuration file is used.
5. If using SELinux and firewalld, add the port for the second instance of sshd to the SSH ports and allow port 22220 in the firewall:
~]# semanage port -a -t ssh_port_t -p tcp 22220
~]# firewall-cmd --permanent --add-port 22220/tcp
~]# firewall-cmd --reload
6. Enable sshd-second.service so that it starts automatically at boot, then start the service:
~]# systemctl enable sshd-second.service
~]# systemctl start sshd-second.service
Now try to connect using ssh -p 22220 user@server
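The collisions that steps 2 and 4 are meant to avoid can be checked before the service is started. The script below is an added example, not part of the original post: the function names check_second_instance and make_sample are hypothetical, the sample files are constructed, and it assumes ports are set only through Port directives (it ignores ListenAddress and Match blocks).

```bash
#!/bin/bash
# Added example (not from the original post): collision check for a second sshd instance.

# Print every value of a directive. Names are case-insensitive; "#Port 22" does not match.
directive() { awk -v key="$1" 'tolower($1) == tolower(key) { print $2 }' "$2"; }

# usage: check_second_instance <main_cfg> <second_cfg> <unit_file>
# Prints each problem found; returns 0 only when there are none.
check_second_instance() {
    local main_cfg=$1 second_cfg=$2 unit=$3 problems=0 ports1 ports2 pid1 pid2 p
    ports1=$(directive Port "$main_cfg");   ports1=${ports1:-22}   # sshd default port
    ports2=$(directive Port "$second_cfg"); ports2=${ports2:-22}
    pid1=$(directive PidFile "$main_cfg" | head -n 1);   pid1=${pid1:-/var/run/sshd.pid}
    pid2=$(directive PidFile "$second_cfg" | head -n 1); pid2=${pid2:-/var/run/sshd.pid}

    for p in $ports2; do   # Port may be given more than once
        if printf '%s\n' $ports1 | grep -qx "$p"; then
            echo "Port $p is used by both instances"; problems=$((problems + 1))
        fi
    done
    if [ "$pid1" = "$pid2" ]; then
        echo "both instances write PidFile $pid2"; problems=$((problems + 1))
    fi
    if ! grep -Eq "^ExecStart=.*-f[[:space:]]+$second_cfg([[:space:]]|\$)" "$unit"; then
        echo "ExecStart does not pass -f $second_cfg"; problems=$((problems + 1))
    fi
    if grep -q '^ExecStartPre=.*sshd-keygen' "$unit"; then
        echo "ExecStartPre still runs sshd-keygen"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample files mirroring steps 1-4, written to <dir> with the given second port.
make_sample() {
    printf '#Port 22\n#PidFile /var/run/sshd.pid\n' > "$1/sshd_config"
    printf 'Port %s\nPidFile /var/run/sshd-second.pid\n' "$2" > "$1/sshd-second_config"
    printf '[Service]\nExecStart=/usr/sbin/sshd -D -f %s $OPTIONS\n' \
        "$1/sshd-second_config" > "$1/sshd-second.service"
}

demo=$(mktemp -d)
make_sample "$demo" 22220
if check_second_instance "$demo/sshd_config" "$demo/sshd-second_config" \
        "$demo/sshd-second.service"; then
    echo "second instance config looks independent"
fi
rm -rf "$demo"
```

On the server, call check_second_instance with /etc/ssh/sshd_config, /etc/ssh/sshd-second_config and /etc/systemd/system/sshd-second.service before step 6; sshd -t -f /etc/ssh/sshd-second_config additionally validates the syntax of the new configuration file.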