6

Is what is mentioned in the title possible? I want to run one SSH server for SFTP clients (on some other port, e.g. 2121), and I want to run another SSH server for SSH clients, which will be allowed to log in only with a key. Does anyone have an idea how to implement this?

tnx

amarc

3 Answers

10

Use separate config files and start one of the servers specifying the config file. To use a different file, use the `-f` option followed by the config file you want to use.

If you want to make this persistent, you will need to create a copy of the init.d script that starts sshd and modify it to use a different pid and the new configuration file. More modern distributions use systemd which uses different control files, for which you will need to create new copies.

It may be possible to achieve what you want with a single sshd and a `Match` block (as mentioned by joschi). You will need to add the additional port(s) and/or address(es) to the configuration. `Match` will only allow some properties to be changed. See the documentation for sshd_config, which may be output by the command `man sshd_config`. Your match line might look like:

```
Match LocalPort 1022
```

BillThor
  • And how can I do this? – amarc Jul 04 '10 at 16:30
  • See `sshd(8)` and read about the parameter `-f`: http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8 – joschi Jul 04 '10 at 16:35
  • You will most likely also want a separate set of init scripts, pid files, etc. Exactly how to accomplish that depends on what Linux distribution you are running. Yet, different config files are the core of the solution. – andol Jul 04 '10 at 16:43
  • Well, I run Debian Lenny. I just did `/usr/sbin/sshd -f /etc/ssh/sshd_config2` and that did start ssh on a different port. It would be nice to have an init script tho. Anything I could change *quickly* in the original `/etc/init.d/ssh` to accomplish this? tnx – amarc Jul 04 '10 at 16:45
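
The single-daemon `Match` approach from the answer above, written out as an added example (not taken from any of the answers): one sshd listens on ports 22 and 2121, logins are key-only by default, and connections arriving on 2121 are limited to SFTP. Allowing passwords on port 2121 is an assumption, since the question does not say how the SFTP clients authenticate; the file name follows the one used in the comment above.

```conf
# /etc/ssh/sshd_config2  (added example; one daemon, two listening ports)

# Listen on the normal SSH port and on the SFTP-only port from the question.
Port 22
Port 2121

# Keep this instance's pid file apart from the distribution's default sshd,
# in case both run side by side (path is an assumption).
PidFile /var/run/sshd2.pid

# Global defaults apply to every port unless a Match block overrides them:
# shell logins on port 22 are accepted with a key only.
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no

# Use the in-process SFTP server so no external binary is needed.
Subsystem sftp internal-sftp

# Everything below applies only to connections that arrive on port 2121.
# Match blocks must come after the global settings and run to the next
# Match line or the end of the file.
Match LocalPort 2121
    # Assumption: SFTP clients on this port may log in with a password.
    PasswordAuthentication yes
    # Ignore whatever command the client requests and run SFTP only.
    ForceCommand internal-sftp
    # No shell, no terminal, no tunnels through the SFTP port.
    PermitTTY no
    AllowTcpForwarding no
    X11Forwarding no
```

Check the syntax with `sshd -t -f /etc/ssh/sshd_config2` before starting the daemon. `sshd -T -f /etc/ssh/sshd_config2 -C user=sftpuser,host=localhost,addr=127.0.0.1,laddr=127.0.0.1,lport=2121` prints the settings in effect for a connection on port 2121 (`sftpuser` is a placeholder account name).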
6

As an alternative to the solution posted by BillThor (using two separate configuration files), you might want to check the `Match` directive in `sshd_config(5)`, which can be used to apply different configurations per user/group/client IP address.

joschi
  • While this technically isn't what you are asking for, it does seem like the most natural solution to the problem I am guessing you are trying to solve. – andol Jul 04 '10 at 16:44
1

An option would be to use a Docker container with Alpine Linux and OpenSSH. The resulting image is less than 20MB in size and, if used properly, the additional level of indirection can also increase security if it is an internet-facing server. Together with sshfs you would also be able to selectively mount remote filesystems.

Daniel F