1.8. Creating a custom unit file by using the second instance of the sshd service
If you need to configure and run multiple instances of a service, you can create copies of the original service configuration files and modify certain parameters to avoid conflicts with the primary instance of the service.
Procedure
To create a second instance of the sshd service:
1. Create a copy of the sshd_config file that the second daemon will use:

       # cp /etc/ssh/sshd{,-second}_config

2. Edit the sshd-second_config file created in the previous step to assign a different port number and PID file to the second daemon:

       Port 22220
       PidFile /var/run/sshd-second.pid

   See the sshd_config(5) manual page for more information about the Port and PidFile options. Make sure the port you choose is not in use by any other service. The PID file does not have to exist before running the service; it is generated automatically on service start.

3. Create a copy of the systemd unit file for the sshd service:

       # cp /usr/lib/systemd/system/sshd.service /etc/systemd/system/sshd-second.service

4. Alter the created sshd-second.service:

   a. Modify the Description option:

          Description=OpenSSH server second instance daemon

   b. Add sshd.service to the services specified in the After option, so that the second instance starts only after the first one has already started:

          After=syslog.target network.target auditd.service sshd.service

   c. Remove the ExecStartPre=/usr/sbin/sshd-keygen line, because the first instance of sshd already includes key generation.

   d. Add the -f /etc/ssh/sshd-second_config parameter to the sshd command, so that the alternative configuration file is used:

          ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd-second_config $OPTIONS

   e. After the modifications, the sshd-second.service unit file contains the following settings:

          [Unit]
          Description=OpenSSH server second instance daemon
          After=syslog.target network.target auditd.service sshd.service

          [Service]
          EnvironmentFile=/etc/sysconfig/sshd
          ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd-second_config $OPTIONS
          ExecReload=/bin/kill -HUP $MAINPID
          KillMode=process
          Restart=on-failure
          RestartSec=42s

          [Install]
          WantedBy=multi-user.target

5. If using SELinux, add the port for the second instance of sshd to the SSH ports; otherwise the second instance of sshd is not allowed to bind to the port:

       # semanage port -a -t ssh_port_t -p tcp 22220

6. Enable sshd-second.service to start automatically on boot:

       # systemctl enable sshd-second.service

7. Verify that sshd-second.service is running by using the systemctl status command. Verify that the port is enabled correctly by connecting to the service:

       $ ssh -p 22220 user@server

   Make sure you configure the firewall to allow connections to the second instance of sshd.
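The conflicts this procedure is meant to avoid (a shared port or PID file, a unit file that still points at the primary configuration) can be checked before the second service is started. The following script is an added example, not part of the original documentation; the function names cfg_values, note, check_second_instance and demo are hypothetical, and the sample files it writes are constructed.

```shell
#!/bin/sh
# Added example, not from the original documentation; function names are hypothetical.
# Print every value of KEYWORD in sshd_config-style FILE (keywords are case-insensitive).
cfg_values() {
    awk -v key="$2" '{ sub(/#.*/, ""); sub(/=/, " ") }
        tolower($1) == tolower(key) { print $2 }' "$1"
}
note() { echo "$1"; findings=$((findings + 1)); }   # report one finding and count it
# check_second_instance PRIMARY_CFG SECOND_CFG UNIT_FILE: one line per finding, status 0 if none.
check_second_instance() (
    primary=$1 second=$2 unit=$3 findings=0
    p_ports=$(cfg_values "$primary" Port); p_ports=${p_ports:-22}   # 22 is the sshd default
    s_ports=$(cfg_values "$second" Port);  s_ports=${s_ports:-22}
    p_pid=$(cfg_values "$primary" PidFile | head -n 1)
    s_pid=$(cfg_values "$second" PidFile | head -n 1)
    for port in $s_ports; do
        if printf '%s\n' "$p_ports" | grep -qx "$port"; then
            note "CONFLICT: Port $port is also used by the primary instance"
        fi
    done
    # /var/run/sshd.pid is the default given in sshd_config(5)
    if [ "${s_pid:-/var/run/sshd.pid}" = "${p_pid:-/var/run/sshd.pid}" ]; then
        note "CONFLICT: PidFile is shared with the primary instance"
    fi
    exec_line=$(grep '^ExecStart=' "$unit" | head -n 1)
    case " $exec_line " in
        *" -f $second "*) ;;
        *) note "UNIT: ExecStart does not pass -f $second" ;;
    esac
    if ! grep '^After=' "$unit" | grep -qw 'sshd\.service'; then
        note "UNIT: After= does not list sshd.service"
    fi
    if grep -q '^ExecStartPre=.*sshd-keygen' "$unit"; then
        note "UNIT: ExecStartPre sshd-keygen line is still present"
    fi
    [ "$findings" -eq 0 ]
)

# Constructed sample files: the second instance leaves PidFile commented out.
demo() {
    d=$(mktemp -d)
    printf 'Port 22\n' > "$d/sshd_config"
    printf 'Port 22220\n#PidFile /var/run/sshd-second.pid\n' > "$d/sshd-second_config"
    printf 'After=network.target sshd.service\nExecStart=/usr/sbin/sshd -D -f %s $OPTIONS\n' \
        "$d/sshd-second_config" > "$d/sshd-second.service"
    check_second_instance "$d/sshd_config" "$d/sshd-second_config" "$d/sshd-second.service"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "second instance would collide with the primary one"
```

On a real system, call check_second_instance with /etc/ssh/sshd_config, /etc/ssh/sshd-second_config and /etc/systemd/system/sshd-second.service as its three arguments.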