Colin,

When the DHCP client receives a new IP address it invokes a script called
/sbin/dhclient-script. This script has hooks to call user-provided
scripts if they exist on entry and on exit. Try "man dhclient-script" or
google "linux man dhclient-script" for more information. You should be
able to use this to dynamically adjust your sshd_config file specifying
the new ListenAddress. Then send SIGHUP to sshd to cause it to re-read
the sshd_config file.


Rick Blasiak

Phone: (919)-254-2590
Tieline: 8-444-2590
FAX: (919)-543-7421
Internet: blasiak@us.ibm.com
Notes: Richard Blasiak/Raleigh/IBM@IBMUS



Colin Wetherbee
Sent by: listbounce@securityfocus.com
12/05/2007 07:57 PM

To: secureshell@securityfocus.com
cc:
Subject: Two SSH servers on the same machine

Greetings.

I have a chroot jail used for mod_perl and PostgreSQL development to
which I have assigned (in my head, to segregate services) a virtual IP.
Outside the jail, one OpenSSH server runs, and I'd like to run another
inside the jail.

The problem I'm facing is that I want the jailed SSH server to use one
IP and the un-jailed SSH server to use the remaining IPs on the machine.

I'm familiar with the ListenAddress directive, but this doesn't seem to
be a solution to my problem because one of the un-jailed IPs is dynamic.

My ideal solution would be to tell the un-jailed SSH server to "use all
IPs except 192.168.171.100", but I don't know if this is possible.

Here's a synopsis of the configuration.

Un-jailed IPs:
eth0 a.b.c.d dynamic
eth3 192.168.171.65 static
lo 127.0.0.1/8 static

Jailed IP:
eth3:0 192.168.171.100 static

The machine is running OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8e 23 Feb 2007.

I'd appreciate any configuration tips. Thanks!

Colin
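
The exit-hook approach from the reply above, sketched as an added example that is not part of the original thread. It relies on the `reason`, `interface` and `new_ip_address` variables that dhclient-script sets for its hooks; the marker comment, the `eth0` interface name, the config path and the pid file path are assumptions, and the hook's install location varies by distribution (see `man dhclient-script`).

```shell
# Added example, not from the thread. dhclient-script sources its exit hooks,
# so this file defines a function and never calls exit.
MARKER='# managed-by-dhclient-hook'   # assumed marker comment in sshd_config

# Rewrite the ListenAddress line directly below MARKER to use $2.
# Returns 0 = file changed, 1 = already current, 2 = rejected input or I/O error.
update_listen_address() {
    conf=$1
    new_ip=$2
    # The address comes from the DHCP server: allow digits and dots only.
    case $new_ip in
        ''|*[!0-9.]*) return 2 ;;
    esac
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    awk -v m="$MARKER" -v ip="$new_ip" '
        prev == m && $1 == "ListenAddress" { $0 = "ListenAddress " ip }
        { print; prev = $0 }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Temp file is in the same directory, so mv replaces the config atomically.
    chmod 644 "$tmp" && mv "$tmp" "$conf" || { rm -f "$tmp"; return 2; }
}

# dhclient-script sets these variables before sourcing the hook.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        cfg=/etc/ssh/sshd_config                   # assumed path
        if [ "${interface:-}" = eth0 ] &&
           update_listen_address "$cfg" "${new_ip_address:-}" &&
           /usr/sbin/sshd -t -f "$cfg"; then
            # Config parsed cleanly: ask the running sshd to re-read it.
            kill -HUP "$(cat /var/run/sshd.pid)"   # assumed pid file
        fi
        ;;
esac
```

The un-jailed sshd_config would list the static addresses (192.168.171.65 and 127.0.0.1) as ordinary ListenAddress lines and keep one ListenAddress line directly under the marker comment for the hook to maintain.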