ssh multi instance

 

 


Configuration

Create another SSHD instance on port 2222/TCP

# OS: CentOS 7

1. Create a new sshd configuration file

cp -a /etc/ssh/sshd_config /etc/ssh/sshd-github_config

Edit /etc/ssh/sshd-github_config

Port 2222

PermitRootLogin                 no
PasswordAuthentication          no
ChallengeResponseAuthentication no
AuthorizedKeysFile      /etc/ssh/github_key/%u.pub

Banner                  /etc/ssh/banner.github.txt

AllowTcpForwarding      no
GatewayPorts            no
X11Forwarding           no

AllowGroups             github_users

echo -e "\nFor Github Access\n" > /etc/ssh/banner.github.txt

2. Configure the service

cp -a /usr/lib/systemd/system/sshd.service /etc/systemd/system/sshd-github.service

# U22: cp -a /usr/lib/systemd/system/ssh.service /etc/systemd/system/ssh-github.service

Edit /etc/systemd/system/sshd-github.service

ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd-github_config $OPTIONS

systemctl daemon-reload

3. Enable the service

systemctl enable sshd-github.service --now

4. Checking

systemctl status sshd-github.service

● sshd-github.service - OpenSSH server daemon
   Loaded: loaded (/etc/systemd/system/sshd-github.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-11-18 16:28:27 HKT; 37min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 3015 (sshd)
   Memory: 1000.0K
   CGroup: /system.slice/sshd-github.service
           └─3015 /usr/sbin/sshd -D -f /etc/ssh/sshd-github_config
...

5. Firewall

firewall-cmd --add-port=2222/tcp --permanent

firewall-cmd --reload

6. Create Group

useradd -r github_users -s /bin/false

passwd -l github_users

usermod -a -G github_users YOUR_USER

7. Key file login

mkdir /etc/ssh/github_key
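
Added example (not part of the original page): a check that the second instance really runs with the restrictions set in step 1, by auditing the output of "sshd -T -f /etc/ssh/sshd-github_config". The function names and the dump path are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Audits "sshd -T" output, which
# lists each effective option as a lowercase "keyword value" line.
# Real use (as root; /tmp/github.dump is an arbitrary path):
#   sshd -T -f /etc/ssh/sshd-github_config > /tmp/github.dump
#   audit_sshd_dump /tmp/github.dump

# Expected values from the step 1 edits. Assumption: keyword names as printed
# on the page's CentOS 7; newer OpenSSH may use kbdinteractiveauthentication.
expected_settings() {
cat <<'EOF'
port 2222
permitrootlogin no
passwordauthentication no
challengeresponseauthentication no
authorizedkeysfile /etc/ssh/github_key/%u.pub
banner /etc/ssh/banner.github.txt
allowtcpforwarding no
gatewayports no
x11forwarding no
allowgroups github_users
EOF
}

# Print one line per mismatch; the return status is the number of mismatches.
audit_sshd_dump() {
    dump=$1
    bad=0
    while read -r key want; do
        # Join repeated keywords (e.g. two Port lines) so extras are caught.
        got=$(awk -v k="$key" '$1 == k { sub(/^[^ ]+ /, ""); print }' "$dump" | paste -sd, -)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', got '${got:-<unset>}'"
            bad=$((bad + 1))
        fi
    done <<EOF
$(expected_settings)
EOF
    return "$bad"
}

# Constructed sample dump with two faults: the copied file still carries
# Port 22, and X11Forwarding was left enabled.
sample_dump() {
    expected_settings | sed 's/^x11forwarding no$/x11forwarding yes/'
    echo "port 22"
}
```

A leftover "Port 22" line in the copied file is the fault most worth catching, since the new instance would then also try to bind the primary instance's port.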