I have a Linux box with two NICs, on different networks, each with a
static IP address of its own. How can things be arranged so that I have
two SSH servers, each bound to a different NIC and on a different port?
Augustus SFX van Dusen wrote:
> I have a Linux box with two NICs, on different networks, each with a
> static IP address of its own. How can things be arranged so that I have
> two SSH servers, each bound to a different NIC and on a different port?
>
The ListenAddress parameter in your config file defines which address
(and port) sshd will listen on. The -f flag when starting sshd will
specify which config file it will use.
Chris Mattern
"Chris Mattern" <syscjm@gwu.edu> wrote in message
news:12csvckni41to65@corp.supernews.com...
> Augustus SFX van Dusen wrote:
>> I have a Linux box with two NICs, on different networks, each with a
>> static IP address of its own. How can things be arranged so that I have
>> two SSH servers, each bound to a different NIC and on a different port?
>>
>
> The ListenAddress parameter in your config file defines which address
> (and port) sshd will listen on. The -f flag when starting sshd will
> specify which config file it will use.
Besides two distinct sshd_config files for this, it usually helps to have
two different init scripts to start the daemons and two different PID file
locations to avoid conflicts in restarting one or the other daemon.
Why do you want to do this? If you have DNS pointing to one hostname and IP
address, and DNS pointing to the other, you don't even need them to be on
different TCP port numbers, simply different "ListenAddress" settings. Any
attempt to contact one server will automatically go to that port.
I've used this sort of thing for machines with multiple ports, such as one
address accessible on the outside WAN and another in the DMZ, to be able to
pick which port I'm connecting to.
On Mon, 31 Jul 2006 19:54:53 GMT, Augustus SFX van Dusen <ASFXvD@story.net> wrote:
> I have a Linux box with two NICs, on different networks, each with a
> static IP address of its own. How can things be arranged so that I have
> two SSH servers, each bound to a different NIC and on a different port?
I suggest the following procedure, which will give you two distinct
ssh daemons, each with its own policies. These instructions pertain
to Redhat-style systems, your file paths might vary.
Let's assume you already have ssh set up to listen on one NIC
with the policies you want. Then, without too much detail:
1. cp -p /etc/ssh/ssh_config /etc/ssh/otherssh_config
Modify the new file as necessary for the policy you want.
2. cp -p /etc/ssh/sshd_config /etc/ssh/othersshd_config
Modify the new file as necessary. Most importantly, look
at ListenAddress and Port.
3. cp -p /etc/rc.d/init.d/sshd /etc/rc.d/init.d/othersshd
Modify the new file to point to otherssh instead of ssh.
4. cd /usr/sbin/
ln -s sshd othersshd
No changes to the executable
5. cd /etc/pam.d/
ln -s sshd othersshd
No changes to the PAM module, usually
Then when all the changes are done:
6. chkconfig --add othersshd
chkconfig --list | grep othersshd
Should be on in levels 2345
service othersshd start
This should create a new set of keys.
One drawback to this scheme: if you ever update ssh, it might change
the config files or sshd init file, but it won't touch the
otherssh files.
--
Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)
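The replies above agree on the config-side requirements for running two daemons: distinct ListenAddress/Port settings, a separate config file passed with -f, and separate PID file locations so restarting one daemon does not clobber the other. The script below is an added example, written for this thread rather than taken from any of the posters or from OpenSSH; it derives a second config (the name othersshd_config follows Dale's naming, the PidFile and HostKey paths and the 192.0.2.x / 198.51.100.x addresses are constructed) and then checks that the two files cannot collide on a PID file or on an address:port pair, including the case where one file has no ListenAddress and therefore binds all interfaces.

```shell
#!/bin/sh
# Added example, not from the thread. Derives a second sshd_config from an
# existing one and checks that the two daemons cannot collide on
# ListenAddress/Port or PidFile. All paths and addresses are constructed.
set -eu

# Constructed stand-in for /etc/ssh/sshd_config (the first daemon).
make_sample_config() {
    cat > "$1" <<'EOF'
# first daemon: the NIC on 192.0.2.0/24 (constructed)
Port 22
ListenAddress 192.0.2.10
PidFile /var/run/sshd.pid
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin no
EOF
}

# directive FILE NAME [DEFAULT]: print the value of the first NAME line,
# which is the one sshd honours when a keyword is repeated.
directive() {
    v=$(awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1")
    printf '%s\n' "${v:-${3:-}}"
}

# derive_config SRC DST ADDR PORT PIDFILE HOSTKEY: copy SRC to DST, keeping
# every policy line but replacing the four keywords that must differ between
# the two instances so the second daemon cannot bind or overwrite the first.
derive_config() {
    awk 'tolower($1) !~ /^(port|listenaddress|pidfile|hostkey)$/' "$1" > "$2"
    {
        printf 'ListenAddress %s\n' "$3"
        printf 'Port %s\n' "$4"
        printf 'PidFile %s\n' "$5"
        printf 'HostKey %s\n' "$6"
    } >> "$2"
}

# check_no_conflict A B: fail if both configs share a PidFile, or if they
# would bind the same port on the same address (a missing ListenAddress
# means 0.0.0.0, which overlaps every address on that port). The
# "ListenAddress host:port" form is not parsed here.
check_no_conflict() {
    if [ "$(directive "$1" PidFile /var/run/sshd.pid)" = \
         "$(directive "$2" PidFile /var/run/sshd.pid)" ]; then
        echo "conflict: both daemons would use the same PidFile" >&2
        return 1
    fi
    pa=$(directive "$1" Port 22); pb=$(directive "$2" Port 22)
    aa=$(directive "$1" ListenAddress 0.0.0.0)
    ab=$(directive "$2" ListenAddress 0.0.0.0)
    if [ "$pa" = "$pb" ] && { [ "$aa" = "$ab" ] || [ "$aa" = 0.0.0.0 ] || [ "$ab" = 0.0.0.0 ]; }; then
        echo "conflict: both daemons would bind port $pa on overlapping addresses" >&2
        return 1
    fi
    return 0
}

# Demo on throwaway files; nothing under /etc is touched.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_config "$tmp/sshd_config"
derive_config "$tmp/sshd_config" "$tmp/othersshd_config" \
    198.51.100.10 2222 /var/run/othersshd.pid /etc/ssh/othersshd_host_rsa_key
check_no_conflict "$tmp/sshd_config" "$tmp/othersshd_config" \
    && echo "othersshd_config does not collide with sshd_config"
```

Once a derived file is copied into /etc/ssh, `sshd -t -f /etc/ssh/othersshd_config` validates it without starting a daemon; the init script for the second instance then needs the same `-f` path, which is the part of Dale's step 3 this script does not do for you.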
On Mon, 31 Jul 2006 19:54:53 +0000, Augustus SFX van Dusen wrote:
> I have a Linux box with two NICs, on different networks, each with a
> static IP address of its own. How can things be arranged so that I have
> two SSH servers, each bound to a different NIC and on a different port?
Thanks to everybody that replied. Actually, much to my surprise, I do not
really need this - my OpenSSH daemon sshd seems to listen for connections
on all local NICs. The man pages for sshd_config confirm this.