Blog

How to Add a New “sshd_adm” Service on Red Hat Advanced Server 2.1

Apr 27, 2007 | 2 minutes read
Share this:

Tags: SSH, Service

— /etc/init.d/sshd Thu Jun 9 16:54:18 2005 +++ /etc/init.d/sshd_adm Thu Jun 9 14:03:24 2005 @@ -5,29 +5,30 @@

chkconfig: 2345 55 25

description: OpenSSH server daemon

-# processname: sshd +# processname: sshd_adm

config: /etc/ssh/ssh_host_key

config: /etc/ssh/ssh_host_key.pub

config: /etc/ssh/ssh_random_seed

-# config: /etc/ssh/sshd_config -# pidfile: /var/run/sshd.pid +# config: /etc/ssh/sshd_config_adm +# pidfile: /var/run/sshd_adm.pid

source function library

. /etc/rc.d/init.d/functions

pull in sysconfig settings

-[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd +[ -f /etc/sysconfig/sshd_adm ] && . /etc/sysconfig/sshd_adm

RETVAL=0 -prog="sshd" +prog="sshd_adm"

Some functions to make the below more readable

KEYGEN=/usr/bin/ssh-keygen -SSHD=/usr/sbin/sshd +SSHD=/usr/sbin/sshd_adm RSA1_KEY=/etc/ssh/ssh_host_key RSA_KEY=/etc/ssh/ssh_host_rsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key -PID_FILE=/var/run/sshd.pid +PID_FILE=/var/run/sshd_adm.pid +OPTIONS="-f /etc/ssh/sshd_config_adm -o "PidFile ${PID_FILE}" ${OPTIONS}"

do_rsa1_keygen() { if [ ! -s $RSA1_KEY ]; then @@ -97,7 +98,7 @@ echo -n $"Starting $prog:" initlog -c "$SSHD $OPTIONS" && success || failure RETVAL=$?

  •   [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd

  •   [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd_adm
  echo

}

@@ -106,7 +107,7 @@ echo -n $"Stopping $prog:" killproc $SSHD -TERM RETVAL=$?

  •   [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd

  •   [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd_adm
  echo

}

@@ -133,7 +134,7 @@ reload ;; condrestart)

  •           if [ -f /var/lock/subsys/sshd ] ; then

  •           if [ -f /var/lock/subsys/sshd_adm ] ; then
                  do_restart_sanity_check
                  if [ "$RETVAL" = 0 ] ; then
                          stop

  1. sshd represents the classical SSH server (for users)
  2. sshd_adm represents the administrator SSH server (for administrators)

Copy the original executable to be able to differentiate them later using ps(1):

# cp /usr/sbin/sshd /usr/sbin/sshd_adm

Create (copy) the sshd_adm service file:

# cp /etc/init.d/sshd /etc/init.d/sshd_adm

Edit and modify the sshd_adm service file according to:

# diff -u /etc/init.d/sshd /etc/init.d/sshd_adm
+++ /etc/ssh/sshd_config_adm    Thu Jun  9 15:45:08 2005
@@ -11,6 +11,7 @@
 # default value.
 
 #Port 22
+Port 77
 #Protocol 2,1
 #ListenAddress 0.0.0.0
 #ListenAddress ::
@@ -35,13 +36,11 @@
 
 #LoginGraceTime 600
 #PermitRootLogin yes
-PermitRootLogin no
 #StrictModes yes
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile    .ssh/authorized_keys
-AuthorizedKeysFile     /var/.ssh/%u/authorized_keys
 
 # rhosts authentication should not be used
 #RhostsAuthentication no
@@ -79,6 +78,7 @@
 #PAMAuthenticationViaKbdInt yes
 
 #X11Forwarding no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes

See the provided attached patch to get it right now: sshd_adm.configuration.patch

Clone the pam(8) configuration for the sshd_adm processus:

# cp /etc/pam.d/sshd /etc/pam.d/sshd_adm

Add and/or update the wanted run-level informations for the sshd_adm service:

# chkconfig --add sshd_adm
# chkconfig --level 2345 sshd_adm on

Start, or restart, the corresponding services using the new configurations:

# service sshd restart
# service sshd_adm start

Verify the running services:

# service sshd status
# service sshd_adm status