CentOS 7 設定
在 Port 2201/tcp 建立另一個 sshd Instance
1. 建立新的 sshd 設定檔
# Start the second instance from a copy of the stock daemon config;
# -a keeps the original mode, owner and timestamps.
cp -a /etc/ssh/{sshd_config,sshd-2201_config}
修改 /etc/ssh/sshd-2201_config
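# For github rsync by ssh
#
# One directive per line. sshd keeps the FIRST value it reads for each keyword,
# so these lines must replace (or be placed before) any uncommented setting of
# the same keyword that came along in the copy of sshd_config, such as
# PasswordAuthentication or AuthorizedKeysFile; appended at the end of the
# file they can be silently overridden by the earlier lines.
# Print the effective settings with: sshd -T -f /etc/ssh/sshd-2201_config
Port 2201
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthorizedKeysFile /etc/ssh/github_key/%u.pub
Banner /etc/ssh/banner.github.txt
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PermitTunnel no
# NOTE(review): PermitTTY no only refuses pty allocation; no ForceCommand is set
# here, so members of github_users can still run non-interactive commands.
# Confirm that is intended for the rsync use case.
PermitTTY no
AllowGroups github_users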
# Write the pre-login banner named by the Banner directive:
# a blank line, the text, then another blank line.
printf '\nFor Github Access\n\n' > /etc/ssh/banner.github.txt
2. 設定 Service
# Copy the packaged sshd unit to /etc/systemd/system under a new name, so the
# second instance has its own unit file to edit.
cp -a /usr/lib/systemd/system/sshd.service /etc/systemd/system/sshd-2201.service
修改 /etc/systemd/system/sshd-2201.service
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd-2201_config $OPTIONS
# Have systemd re-read its unit files so the edited sshd-2201.service is loaded.
systemctl daemon-reload
3. 啟用 Service
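# Validate the instance's config before enabling it: sshd -t exits non-zero on a
# bad directive or unusable host key, so the error shows up here instead of as
# a failed unit.
# NOTE(review): with SELinux enforcing, sshd may be denied the bind to 2201
# until the port is labelled, e.g. semanage port -a -t ssh_port_t -p tcp 2201
# (check the mode with getenforce).
sshd -t -f /etc/ssh/sshd-2201_config && systemctl enable sshd-2201.service --now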
4. Checking
# Confirm the unit is active and that the running command line carries
# -f /etc/ssh/sshd-2201_config (i.e. the second config is really in use).
systemctl status sshd-2201.service
● sshd-2201.service - OpenSSH server daemon
   Loaded: loaded (/etc/systemd/system/sshd-2201.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-11-18 16:28:27 HKT; 37min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 3015 (sshd)
   Memory: 1000.0K
   CGroup: /system.slice/sshd-2201.service
           └─3015 /usr/sbin/sshd -D -f /etc/ssh/sshd-2201_config
...
5. firewall
# Open 2201/tcp in the persistent firewalld configuration, then reload so the
# running firewall picks the rule up.
firewall-cmd --permanent --add-port=2201/tcp
firewall-cmd --reload
6. Create Group
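# Create only the group that AllowGroups checks. The original created a whole
# user account named github_users just to obtain its group; that leaves an
# unnecessary (locked) account on the host, so a plain system group is used.
groupadd -r github_users
# Add the login account as a supplementary member; -a keeps its existing groups.
usermod -a -G github_users YOUR_USER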
7. Key file login
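# Directory for the per-user key files named by AuthorizedKeysFile
# (/etc/ssh/github_key/%u.pub). Owner and mode are set explicitly instead of
# depending on the current umask: with StrictModes (sshd's default) a key file
# is ignored when it, or a directory above it, is writable by group or others.
install -d -m 0755 -o root -g root /etc/ssh/github_key
# Then install each member's public key, readable but not writable by that
# user, e.g.:
#   install -m 0644 -o root -g root YOUR_USER.pub /etc/ssh/github_key/YOUR_USER.pub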
Ubuntu 22
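# Second sshd instance on Ubuntu 22, listening on 2201/tcp.
# NOTE(review): this section only changes the port. None of the restrictions
# from the CentOS section (AllowGroups, PasswordAuthentication no, ...) are
# applied here; add them to sshd-2201_config if this instance should be
# limited in the same way.
SSHD_CONFIG=/etc/ssh/sshd-2201_config
SERVICE_FILE=/etc/systemd/system/ssh-2201.service

cp -a /etc/ssh/sshd_config "$SSHD_CONFIG"
# Accept the Port line whether or not it is commented out ("#Port 22"). The
# pattern ^Port 22 alone leaves a commented default untouched, and the copy
# would then still try to bind port 22.
sed -i -E 's/^#?[[:space:]]*Port[[:space:]]+22[[:space:]]*$/Port 2201/' "$SSHD_CONFIG"
# Make a missed substitution visible instead of silently keeping the default port.
grep -q '^Port 2201$' "$SSHD_CONFIG" \
  || printf 'Port 2201 is not set in %s\n' "$SSHD_CONFIG" >&2

cp -a /usr/lib/systemd/system/ssh.service "$SERVICE_FILE"
# Append -f <config> to the ExecStart= line only; the pattern requires "="
# directly after ExecStart, so other Exec* lines are not rewritten.
sed -i 's#^ExecStart=.*$#& -f /etc/ssh/sshd-2201_config#' "$SERVICE_FILE"
# Give the copy its own alias. "^" is an anchor only in the pattern; in the
# replacement it is literal text and would produce an invalid "^Alias=" line.
sed -i 's#^Alias=.*#Alias=sshd-2201.service#' "$SERVICE_FILE"

# Validate the new config, reload unit files, then enable and start the instance.
sshd -t -f "$SSHD_CONFIG" \
  && systemctl daemon-reload \
  && systemctl enable ssh-2201.service --now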