— /etc/init.d/sshd Thu Jun 9 16:54:18 2005 +++ /etc/init.d/sshd_adm Thu Jun 9 14:03:24 2005 @@ -5,29 +5,30 @@

chkconfig: 2345 55 25

#

description: OpenSSH server daemon

#

#

-# processname: sshd +# processname: sshd_adm

config: /etc/ssh/ssh_host_key

#

config: /etc/ssh/ssh_host_key.pub

#

config: /etc/ssh/ssh_random_seed

#

-# config: /etc/ssh/sshd_config -# pidfile: /var/run/sshd.pid +# config: /etc/ssh/sshd_config_adm +# pidfile: /var/run/sshd_adm.pid

source function library

#

. /etc/rc.d/init.d/functions

pull in sysconfig settings

#

-[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd +[ -f /etc/sysconfig/sshd_adm ] && . /etc/sysconfig/sshd_adm

RETVAL=0 -prog="sshd" +prog="sshd_adm"

Some functions to make the below more readable

#

KEYGEN=/usr/bin/ssh-keygen -SSHD=/usr/sbin/sshd +SSHD=/usr/sbin/sshd_adm RSA1_KEY=/etc/ssh/ssh_host_key RSA_KEY=/etc/ssh/ssh_host_rsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key -PID_FILE=/var/run/sshd.pid +PID_FILE=/var/run/sshd_adm.pid +OPTIONS="-f /etc/ssh/sshd_config_adm -o "PidFile ${PID_FILE}" ${OPTIONS}"

do_rsa1_keygen() { if [ ! -s $RSA1_KEY ]; then @@ -97,7 +98,7 @@ echo -n $"Starting $prog:" initlog -c "$SSHD $OPTIONS" && success || failure RETVAL=$?

•   [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
  

•   [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd_adm
    echo
  

}

@@ -106,7 +107,7 @@ echo -n $"Stopping $prog:" killproc $SSHD -TERM RETVAL=$?

•   [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
  

•   [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd_adm
    echo
  

}

@@ -133,7 +134,7 @@ reload ;; condrestart)

•           if [ -f /var/lock/subsys/sshd ] ; then
  

•           if [ -f /var/lock/subsys/sshd_adm ] ; then
                    do_restart_sanity_check
                    if [ "$RETVAL" = 0 ] ; then
                            stop
  

See the provided attached patch to get it right now: sshd_adm.service.patch

Create (copy) the sshd_adm configuration file:

# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_adm

Edit and modify the sshd and sshd_adm configuration files according to:

# diff -u /etc/ssh/sshd_config /etc/ssh/sshd_config_adm
--- /etc/ssh/sshd_config        Thu Jun  9 15:44:42 2005

sshd represents the classical SSH server (for users)
sshd_adm represents the administrator SSH server (for
administrators)

Copy the original executable to be able to differentiate them later
using ps(1):
# cp /usr/sbin/sshd /usr/sbin/sshd_adm
Create (copy) the sshd_adm service file:
# cp /etc/init.d/sshd /etc/init.d/sshd_adm
Edit and modify the sshd_adm service file according to:
# diff -u /etc/init.d/sshd /etc/init.d/sshd_adm
+++ /etc/ssh/sshd_config_adm    Thu Jun  9 15:45:08 2005
@@ -11,6 +11,7 @@
 # default value.
 
 #Port 22
+Port 77
 #Protocol 2,1
 #ListenAddress 0.0.0.0
 #ListenAddress ::
@@ -35,13 +36,11 @@
 
 #LoginGraceTime 600
 #PermitRootLogin yes
-PermitRootLogin no
 #StrictModes yes
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile    .ssh/authorized_keys
-AuthorizedKeysFile     /var/.ssh/%u/authorized_keys
 
 # rhosts authentication should not be used
 #RhostsAuthentication no
@@ -79,6 +78,7 @@
 #PAMAuthenticationViaKbdInt yes
 
 #X11Forwarding no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
See the provided attached patch to get it right now:
sshd_adm.configuration.patch
Clone the pam(8) configuration for the sshd_adm processus:
# cp /etc/pam.d/sshd /etc/pam.d/sshd_adm
Add and/or update the wanted run-level informations for the sshd_adm
service:
# chkconfig --add sshd_adm
# chkconfig --level 2345 sshd_adm on
Start, or restart, the corresponding services using the new
configurations:
# service sshd restart
# service sshd_adm start
Verify the running services:
# service sshd status
# service sshd_adm status