- sshd represents the classical SSH server (for users)
- sshd_adm represents the administrator SSH server (for administrators)
Copy the original executable to be able to differentiate them later
using ps(1):
# cp /usr/sbin/sshd /usr/sbin/sshd_adm
Create (copy) the sshd_adm service file:
# cp /etc/init.d/sshd /etc/init.d/sshd_adm
Edit and modify the sshd_adm service file according to:
# diff -u /etc/init.d/sshd /etc/init.d/sshd_adm
--- /etc/init.d/sshd Thu Jun 9 16:54:18 2005
+++ /etc/init.d/sshd_adm Thu Jun 9 14:03:24 2005
@@ -5,29 +5,30 @@
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
#
-# processname: sshd
+# processname: sshd_adm
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
-# config: /etc/ssh/sshd_config
-# pidfile: /var/run/sshd.pid
+# config: /etc/ssh/sshd_config_adm
+# pidfile: /var/run/sshd_adm.pid
# source function library
. /etc/rc.d/init.d/functions
# pull in sysconfig settings
-[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+[ -f /etc/sysconfig/sshd_adm ] && . /etc/sysconfig/sshd_adm
RETVAL=0
-prog="sshd"
+prog="sshd_adm"
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
-SSHD=/usr/sbin/sshd
+SSHD=/usr/sbin/sshd_adm
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
-PID_FILE=/var/run/sshd.pid
+PID_FILE=/var/run/sshd_adm.pid
+OPTIONS="-f /etc/ssh/sshd_config_adm -o \"PidFile ${PID_FILE}\" ${OPTIONS}"
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
@@ -97,7 +98,7 @@
echo -n $"Starting $prog:"
initlog -c "$SSHD $OPTIONS" && success || failure
RETVAL=$?
- [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
+ [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd_adm
echo
}
@@ -106,7 +107,7 @@
echo -n $"Stopping $prog:"
killproc $SSHD -TERM
RETVAL=$?
- [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
+ [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd_adm
echo
}
@@ -133,7 +134,7 @@
reload
;;
condrestart)
- if [ -f /var/lock/subsys/sshd ] ; then
+ if [ -f /var/lock/subsys/sshd_adm ] ; then
do_restart_sanity_check
if [ "$RETVAL" = 0 ] ; then
stop
See the provided attached patch to get it right now: sshd_adm.service.patch
Create (copy) the sshd_adm configuration file:
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_adm
Edit and modify the sshd and sshd_adm configuration files according to:
# diff -u /etc/ssh/sshd_config /etc/ssh/sshd_config_adm
--- /etc/ssh/sshd_config Thu Jun 9 15:44:42 2005
+++ /etc/ssh/sshd_config_adm Thu Jun 9 15:45:08 2005
@@ -11,6 +11,7 @@
# default value.
#Port 22
+Port 77
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
@@ -35,13 +36,11 @@
#LoginGraceTime 600
#PermitRootLogin yes
-PermitRootLogin no
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-AuthorizedKeysFile /var/.ssh/%u/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
@@ -79,6 +78,7 @@
#PAMAuthenticationViaKbdInt yes
#X11Forwarding no
+X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
See the provided attached patch to get it right now: sshd_adm.configuration.patch
Clone the pam(8) configuration for the sshd_adm processus:
# cp /etc/pam.d/sshd /etc/pam.d/sshd_adm
Add and/or update the wanted run-level informations for the sshd_adm service:
# chkconfig --add sshd_adm
# chkconfig --level 2345 sshd_adm on
Start, or restart, the corresponding services using the new configurations:
# service sshd restart
# service sshd_adm start
Verify the running services:
# service sshd status
# service sshd_adm status