This guide covers configuring two instances of sshd on a single server and binding each to a separate NIC/interface/Ethernet port. This is usually needed in DEV and Prod environments where you want additional security, separation of bandwidth, and DEV and Prod user access kept apart.
For this guide, assume two instances of sshd running on two interfaces of a single server.
SSH config on interfaces:
- sshd = For DEV Users = eth0 : 172.16.66.200
- sshd-prod = For PROD users = eth1 : 172.16.66.201
We will use the same default port for the second sshd instance but bind it to the production interface (eth1), then create a copy of the service and name it “sshd-prod”.
Make a copy of the sshd_config file (to be used by the second daemon):
# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_prod_config
Edit the “/etc/ssh/sshd_prod_config” file, binding sshd-prod to the eth1 interface IP and pointing it at a different PID file location:
ListenAddress 172.16.66.201
PidFile /var/run/sshd-prod.pid
Make a symlink to the sshd binary and make a copy of the sshd init script:
# ln -s /usr/sbin/sshd /usr/sbin/sshd-prod
# cp /etc/rc.d/init.d/sshd /etc/rc.d/init.d/sshd-prod
Find the lines below in the “/etc/rc.d/init.d/sshd-prod” file and change them as shown:
# config: /etc/ssh/sshd_prod_config
# pidfile: /var/run/sshd-prod.pid
[ -f /etc/sysconfig/sshd-prod ] && . /etc/sysconfig/sshd-prod
prog="sshd-prod"
SSHD=/usr/sbin/sshd-prod
PID_FILE=/var/run/sshd-prod.pid
Create the “/etc/sysconfig/sshd-prod” file with the following contents:
OPTIONS="-f /etc/ssh/sshd_prod_config"
Create a separate PAM configuration file for the new sshd-prod service:
# cp /etc/pam.d/sshd /etc/pam.d/sshd-prod
If SELinux is enabled, set the security context for the sshd-prod service:
# semanage fcontext -a -e /etc/init.d/sshd /etc/init.d/sshd-prod
# semanage fcontext -a -e /usr/sbin/sshd /usr/sbin/sshd-prod
# semanage fcontext -a -e /etc/ssh/sshd_config /etc/ssh/sshd_prod_config
# restorecon -v /etc/init.d/sshd-prod /usr/sbin/sshd-prod /etc/ssh/sshd_prod_config
Allow the required port (22 on the production interface as well) in iptables.
Restart the sshd service, start the newly created sshd-prod service, and use chkconfig so that sshd-prod starts on reboot:
# service sshd restart && service sshd-prod start && chkconfig --add sshd-prod
If you have “hosts.allow” configured, you will need to add an entry for sshd-prod and the permitted IP.
For example, to allow 10.0.10.10 through the production interface, add the following to hosts.allow:
sshd-prod : 10.0.10.10
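As an added example (not part of this guide, and not the distribution's own tooling), the following POSIX shell script performs the file steps above against a root directory you name, so the result can be rehearsed in a scratch directory and diffed before it is applied to /etc. It goes one step beyond the guide: it also pins the original sshd_config to the DEV address, because a stock sshd_config has no ListenAddress and would bind 0.0.0.0:22, leaving nothing for sshd-prod to bind on eth1; the script refuses to continue if the two configs would clash. The paths, addresses and the sshd-prod name are taken from the guide; the function names, the root argument and the DEV_ADDR/PROD_ADDR variables are the example's own assumptions. The SELinux, iptables and service-restart steps need the live system and are not reproduced.

```shell
#!/bin/sh
# Added example, not code from the guide: rehearses the file changes above
# under a root directory given as $1 (a scratch directory laid out like /,
# or / itself when run as root), and refuses to continue if the two sshd
# instances would compete for the same address:port. Paths, addresses and
# the sshd-prod name come from the guide; the function names and the
# DEV_ADDR/PROD_ADDR variables are this example's own assumptions.

DEV_ADDR=172.16.66.200    # eth0, sshd      (from the guide)
PROD_ADDR=172.16.66.201   # eth1, sshd-prod (from the guide)

# listen_addr FILE: effective ListenAddress of an sshd config, or 0.0.0.0
# when the directive is absent (sshd then binds every interface).
listen_addr() {
    addr=$(awk 'tolower($1) == "listenaddress" { print $2; exit }' "$1")
    echo "${addr:-0.0.0.0}"
}

# set_directive FILE KEY VALUE: drop every existing (also commented-out)
# copy of KEY and append one authoritative line, so a stock config with
# "#ListenAddress 0.0.0.0" and "#ListenAddress ::" ends up with one value.
set_directive() {
    sed -i "/^#\{0,1\}[[:space:]]*$2[[:space:]]/d" "$1"
    printf '%s %s\n' "$2" "$3" >> "$1"
}

# check_bind_conflict DEV_CONF PROD_CONF: fail when both daemons would bind
# the same address. The guide only edits the prod copy; a stock sshd_config
# has no ListenAddress, so sshd takes 0.0.0.0:22 and sshd-prod's bind on
# 172.16.66.201:22 then fails with "Address already in use".
check_bind_conflict() {
    a=$(listen_addr "$1")
    b=$(listen_addr "$2")
    if [ "$a" = "$b" ] || [ "$a" = 0.0.0.0 ] || [ "$b" = 0.0.0.0 ]; then
        echo "listen conflict: $1 -> $a, $2 -> $b" >&2
        return 1
    fi
}

# hosts_allow_entry ROOT ADDR: tcp_wrappers matches on the daemon's argv[0]
# basename, which the sshd-prod symlink makes "sshd-prod", hence the name
# used in hosts.allow.
hosts_allow_entry() {
    printf 'sshd-prod : %s\n' "$2" >> "$1/etc/hosts.allow"
}

# setup_sshd_prod ROOT: the guide's file steps, in order.
setup_sshd_prod() {
    root=$1
    dev_conf=$root/etc/ssh/sshd_config
    prod_conf=$root/etc/ssh/sshd_prod_config
    init=$root/etc/rc.d/init.d

    cp -a "$dev_conf" "$prod_conf"
    set_directive "$dev_conf"  ListenAddress "$DEV_ADDR"   # pin dev to eth0
    set_directive "$prod_conf" ListenAddress "$PROD_ADDR"  # pin prod to eth1
    set_directive "$prod_conf" PidFile /var/run/sshd-prod.pid
    check_bind_conflict "$dev_conf" "$prod_conf" || return 1

    ln -sf /usr/sbin/sshd "$root/usr/sbin/sshd-prod"
    # Derive the init script: the same edits the guide lists, done with sed.
    sed -e 's|^# config: .*|# config: /etc/ssh/sshd_prod_config|' \
        -e 's|^# pidfile: .*|# pidfile: /var/run/sshd-prod.pid|' \
        -e '\|^\[ -f /etc/sysconfig/sshd ]|s|/etc/sysconfig/sshd|&-prod|g' \
        -e 's|^prog=.*|prog="sshd-prod"|' \
        -e 's|^SSHD=.*|SSHD=/usr/sbin/sshd-prod|' \
        -e 's|^PID_FILE=.*|PID_FILE=/var/run/sshd-prod.pid|' \
        "$init/sshd" > "$init/sshd-prod"
    chmod 755 "$init/sshd-prod"
    echo 'OPTIONS="-f /etc/ssh/sshd_prod_config"' > "$root/etc/sysconfig/sshd-prod"
    cp "$root/etc/pam.d/sshd" "$root/etc/pam.d/sshd-prod"
}

# Usage: sh make-sshd-prod.sh /path/to/scratch-root   (then diff the result)
if [ -n "${1:-}" ]; then
    setup_sshd_prod "$1"
fi
```

Run it first against a copy of the relevant /etc and /usr/sbin subtrees, diff the scratch root against the real one, and only then against / as root; the check_bind_conflict step is what turns the "Address already in use" failure at service start into a refusal before any file is written.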