So, the ask here was to run more than one instance of sshd in the environment. This was purely for testing; you will need to make sure the ports are properly opened in the firewalld/iptables services. Follow the steps outlined below to configure multiple instances of sshd, each with its own configuration file.
1. Make a copy of the /etc/ssh/sshd_config file (to be used by the second daemon):
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config-second
2. Edit the /etc/ssh/sshd_config-second file to assign a different port number and PID file (both must differ from the first instance, or the two daemons will collide):
# egrep 'Port|PidFile' /etc/ssh/sshd_config-second
Port 5222
PidFile /var/run/sshd-second.pid
Make sure this port is not in use by any other service.
3. Make a symlink to the sshd binary (this gives the second daemon its own process name in ps and the logs):
# ln -s /usr/sbin/sshd /usr/sbin/sshd-second
4. Make a copy of the sshd systemd unit file:
# cp /etc/systemd/system/multi-user.target.wants/sshd.service /etc/systemd/system/sshd-second.service
5. Find the lines below in the /etc/systemd/system/sshd-second.service file and make the changes accordingly:
# cat /etc/systemd/system/sshd-second.service
[Unit]
Description=OpenSSH server daemon
After=syslog.target network.target auditd.service

[Service]
EnvironmentFile=/etc/sysconfig/sshd-second
ExecStartPre=/usr/sbin/sshd-keygen
ExecStart=/usr/sbin/sshd-second -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target
Note: the only changes from the original unit are the EnvironmentFile= and ExecStart= lines.
6. Create the /etc/sysconfig/sshd-second file with the following contents:
# cat /etc/sysconfig/sshd-second
# Configuration file for the sshd service.
# The server keys are automatically generated if they omitted
# to change the automatic creation uncomment the appropriate
# line. The default is NODSA which means rsa and ecdsa keys are
# generated.
# AUTOCREATE_SERVER_KEYS=NODSA
# AUTOCREATE_SERVER_KEYS=RSAONLY
# AUTOCREATE_SERVER_KEYS=NO
# AUTOCREATE_SERVER_KEYS=YES
# Do not change this option unless you have hardware random
# generator and you REALLY know what you are doing
SSH_USE_STRONG_RNG=0
OPTIONS="-f /etc/ssh/sshd_config-second"
# SSH_USE_STRONG_RNG=1
Note: the OPTIONS= line was added to this file; it is what points the second daemon at its own configuration file.
7. Copy the service file into the system unit directory:
# cp /etc/systemd/system/sshd-second.service /usr/lib/systemd/system/sshd-second.service
8. Create a separate PAM configuration file for the new sshd-second service (PAM looks up the service by the daemon's name, so sshd-second needs its own file):
# cp /etc/pam.d/sshd /etc/pam.d/sshd-second
9. Restart the sshd service, start the newly created sshd-second service, and use systemctl to enable sshd-second so it starts on reboot:
# systemctl restart sshd.service
# systemctl start sshd-second.service
# systemctl enable sshd-second.service
ln -s '/etc/systemd/system/sshd-second.service' '/etc/systemd/system/multi-user.target.wants/sshd-second.service'
Note: the last line above is the output of the systemctl enable command, not a command you should enter.
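Before starting the second daemon it is worth confirming that the second config really diverges from the first. The following POSIX shell script is an added example, not part of the original post: it reads Port and PidFile from both files (falling back to sshd's defaults, 22 and /var/run/sshd.pid, when a directive is absent), refuses to continue if either value matches, and then, on the live system, runs sshd -t against the new file and warns if the port already has a listener or is not open in firewalld. The config paths and the script name check-sshd-second.sh are assumptions.

```shell
#!/bin/sh
# Pre-flight check for a second sshd instance (added example, not part of the
# original post). It reads Port and PidFile from both config files, applies
# sshd's defaults (22 and /var/run/sshd.pid) when a directive is absent, and
# fails if the two daemons would collide on either. Config paths are assumptions.

# Print the value of the first active (non-comment) occurrence of KEY in FILE.
# sshd matches keywords case-insensitively, so do the same here.
sshd_cfg_get() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }' "$1"
}

# Return 0 only if PRIMARY and SECOND differ in both Port and PidFile.
check_second_instance() {
    primary=$1; second=$2; rc=0
    p1=$(sshd_cfg_get "$primary" Port);    p1=${p1:-22}
    p2=$(sshd_cfg_get "$second" Port);     p2=${p2:-22}
    f1=$(sshd_cfg_get "$primary" PidFile); f1=${f1:-/var/run/sshd.pid}
    f2=$(sshd_cfg_get "$second" PidFile);  f2=${f2:-/var/run/sshd.pid}
    if [ "$p1" = "$p2" ]; then
        echo "ERROR: both instances would listen on port $p1" >&2; rc=1
    fi
    if [ "$f1" = "$f2" ]; then
        echo "ERROR: both instances would write PID file $f1" >&2; rc=1
    fi
    return $rc
}

# Checks that need the live system: config syntax (sshd -t must run as root to
# read the host keys), an existing listener on the port, and the firewalld rule.
live_checks() {
    second=$1
    port=$(sshd_cfg_get "$second" Port); port=${port:-22}
    sshd -t -f "$second" || return 1
    if ss -ltn 2>/dev/null | awk '{ print $4 }' | grep -q ":$port\$"; then
        echo "WARNING: something already listens on port $port" >&2
    fi
    if command -v firewall-cmd >/dev/null 2>&1 &&
       ! firewall-cmd --query-port="$port/tcp" >/dev/null 2>&1; then
        echo "WARNING: port $port/tcp is not open in firewalld" >&2
    fi
}

# Usage: sh check-sshd-second.sh /etc/ssh/sshd_config /etc/ssh/sshd_config-second
if [ "$#" -eq 2 ]; then
    check_second_instance "$1" "$2" && live_checks "$2"
fi
```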
1. Verify you can ssh into the server from another machine. You must specify the port in order to connect to the new instance of sshd:
# ssh user1@localhost -p 5222
The authenticity of host '[localhost]:5222 ([::1]:5222)' can't be established.
ECDSA key fingerprint is e6:f4:af:9e:ce:2c:d3:41:c6:d2:fd:9e:3e:c7:52:6f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:5222' (ECDSA) to the list of known hosts.
user1@localhost's password:
2. You can check the status of the second service to make sure it is active:
# systemctl -l status sshd-second.service
sshd-second.service - OpenSSH server daemon
   Loaded: loaded (/etc/systemd/system/sshd-second.service; enabled)
   Active: active (running) since Fri 2014-08-08 09:31:10 EDT; 5min ago
 Main PID: 2589 (sshd-second)
   CGroup: /system.slice/sshd-second.service
           └─2589 /usr/sbin/sshd-second -D -f /etc/ssh/sshd_config-second
3. You can also watch the log messages, which show the second daemon listening on its own port and accepting the login:
# tail -f /var/log/messages
Aug 08 09:31:10 localhost.localdomain systemd: Starting OpenSSH server daemon...
Aug 08 09:31:10 localhost.localdomain systemd: Started OpenSSH server daemon.
Aug 08 09:31:10 localhost.localdomain sshd-second: Server listening on 0.0.0.0 port 5222.
Aug 08 09:31:10 localhost.localdomain sshd-second: Server listening on :: port 5222.
Aug 08 09:34:14 localhost.localdomain sshd-second: Accepted password for user1 from ::1 port 59139 ssh2