**the.root** (Apprentice)
Joined: 29 Apr 2007 Posts: 210 Location: -84.706059324915, -62.4843750666430
Posted: Mon Oct 27, 2008 6:35 am Post subject: Multiple SSH daemon on different interfaces
Hello -

I have a 2008.0 server that I'm working on buttoning down. I'm currently working on SSH. Basically what I want to do is to have OpenSSH allow all my regular SSH traffic to come in on my main external NIC. Then I have a second NIC that I want to allow traffic from only one PC and one user on my internal network (a backdoor connection, with the only user on that box with any privileges), so I can monitor logs and administer the box when need be. I think it should be able to be done if I have two SSH services running, one on my external NIC, with my .conf file stating the regular users, and another service running that will only listen to connections on my internal NIC with a .conf file set up only allowing that user, and an iptables rule only allowing connections from my designated PC (I know how to configure iptables and ssh to allow access on certain ports and certain users etc.). I just don't know how to set up multiple ssh per interface. If anyone has any insight on how to accomplish this goal, or a better way, please let me know. I also plan on placing the SSH(s) in a chroot jail in the near future, so if that affects anything let me know.

Thanks for your input!

_________________
Ps = (1.5 x 6 x .75) / {(4/3) (pi) [(31.039 x 10^15) (46.5 x 10^9)]^3}
Seems like a waste..
**mstockin** (n00b)
Joined: 02 Jul 2004 Posts: 12 Location: Passau, Germany
Posted: Mon Oct 27, 2008 1:24 pm
To start a second sshd with other settings:

Make a link to the default init script:

```
root:~# cd /etc/init.d
root:/etc/init.d# ln -s sshd sshd2
```

Copy the init script configuration:

```
root:~# cp -a /etc/conf.d/sshd /etc/conf.d/sshd2
```

I like to see different binaries:

```
root:~# cd /usr/sbin
root:/usr/sbin# ln -s sshd sshd2
```

Change in /etc/conf.d/sshd2:

```
SSHD_CONFDIR="/etc/ssh2"
SSHD_PIDFILE="/var/run/sshd2.pid"
SSHD_BINARY="/usr/sbin/sshd2"
```

Create a copy of your /etc/ssh config dir:

```
root:~# cp -a /etc/ssh /etc/ssh2
```

Configure your second sshd in /etc/ssh2 like:

- change the port and/or interface sshd is listening on
- use different ssh keys
- use the option "AllowUsers" to restrict the second sshd to a few people

Start the second sshd with:

```
root:~# /etc/init.d/sshd2 start
root:~# rc-update add sshd2 default
```

hope that helps,
Marv
**the.root** (Apprentice)
Joined: 29 Apr 2007 Posts: 210 Location: -84.706059324915, -62.4843750666430
Posted: Mon Oct 27, 2008 3:58 pm
Thanks for the post! That's great information, I'll try it out this evening. Do you know what variable I have to set in the sshd_config to bind that service to a certain interface?

Thanks again!
**the.root** (Apprentice)
Joined: 29 Apr 2007 Posts: 210 Location: -84.706059324915, -62.4843750666430
Posted: Tue Oct 28, 2008 3:17 am
Ah, I think I can do it with the "ListenAddress xx.xx.xx.xx" variable in sshd_config and just bind it to an IP address. Should work out. Thanks again!
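Putting mstockin's steps together with the ListenAddress setting from the last reply, the following is an added example written for this page; it is not code from the thread or from Gentoo's own init scripts. It generates the two files the procedure needs (/etc/conf.d/sshd2 with the three variables from the post, and an /etc/ssh2/sshd_config that listens on one internal address only and admits one user) under a ROOT directory of your choosing, so you can review the result in a scratch directory before copying it into /etc. The internal address 192.168.10.1, the admin PC 192.168.10.50 and the account name "backdoor" are constructed values, as is the script name in the usage line.

```shell
#!/bin/sh
# Added example, not from the thread: build the files for a second, internal-only
# sshd as laid out in mstockin's steps (conf.d/sshd2 plus /etc/ssh2) and bind it
# with ListenAddress as in the last reply. Everything is written under ROOT so it
# can be tried in a scratch directory first; the addresses, port and the admin
# user used below are constructed values for this example.

# write_sshd2_confd ROOT : ROOT/etc/conf.d/sshd2 with the three variables from
# the post, pointing the second instance at its own config dir, pid file and binary.
write_sshd2_confd() {
    root=$1
    mkdir -p "$root/etc/conf.d"
    cat > "$root/etc/conf.d/sshd2" <<'EOF'
SSHD_CONFDIR="/etc/ssh2"
SSHD_PIDFILE="/var/run/sshd2.pid"
SSHD_BINARY="/usr/sbin/sshd2"
EOF
}

# write_sshd2_config ROOT ADDR PORT USERS : ROOT/etc/ssh2/sshd_config that listens
# only on ADDR:PORT, uses a host key kept under /etc/ssh2 (so the two daemons do
# not share keys), and admits only USERS. USERS may use OpenSSH's user@host form,
# so the daemon itself refuses the admin account from any host but the designated
# PC, on top of the iptables rule the original poster already plans.
write_sshd2_config() {
    root=$1; addr=$2; port=$3; users=$4
    mkdir -p "$root/etc/ssh2"
    cat > "$root/etc/ssh2/sshd_config" <<EOF
# second sshd: internal interface only
Port $port
ListenAddress $addr:$port
HostKey /etc/ssh2/ssh_host_rsa_key
PidFile /var/run/sshd2.pid
PermitRootLogin no
PasswordAuthentication no
AllowUsers $users
EOF
}

# option_value FILE KEY : value of the first non-comment KEY line in an
# sshd_config, empty if the option is not set.
option_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }' "$1"
}

# verify_sshd2 ROOT : 0 if the generated pair is consistent, 1 otherwise.
verify_sshd2() {
    root=$1
    cfg="$root/etc/ssh2/sshd_config"
    [ -f "$root/etc/conf.d/sshd2" ] && [ -f "$cfg" ] || return 1
    # conf.d must point at the directory the config was written to
    grep -q '^SSHD_CONFDIR="/etc/ssh2"$' "$root/etc/conf.d/sshd2" || return 1
    # without ListenAddress the second instance would bind every interface and
    # collide with (or shadow) the first sshd on the same port
    [ -n "$(option_value "$cfg" ListenAddress)" ] || return 1
    # without AllowUsers every local account could reach the internal instance
    [ -n "$(option_value "$cfg" AllowUsers)" ] || return 1
}

# Usage: sh sshd2-setup.sh --demo   (writes into a temp dir and prints the files)
if [ "${1:-}" = "--demo" ]; then
    root=$(mktemp -d)
    write_sshd2_confd "$root"
    write_sshd2_config "$root" 192.168.10.1 22 'backdoor@192.168.10.50'
    verify_sshd2 "$root" && echo "generated under $root:"
    cat "$root/etc/conf.d/sshd2" "$root/etc/ssh2/sshd_config"
fi
```

The script never touches the live /etc; once you have reviewed the output, copy the two files into place, put a separate host key at /etc/ssh2/ssh_host_rsa_key, and run `sshd -t -f /etc/ssh2/sshd_config` to have sshd check the file before `/etc/init.d/sshd2 start`. `PasswordAuthentication no` assumes the admin PC authenticates with a key; drop it if that is not the case yet.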