2012/2/14 Rob Owens <[email protected]>:
> On Tue, Feb 14, 2012 at 12:26:54AM +0100, Claudius Hubig wrote:
>> Hello Sylvain,
>>
>> Sylvain <[email protected]> wrote:
>> >Right now I'm a bit confused by the way chroot seems to work with users.
>> >I'd be grateful if someone had an idea on how to have an ssh instance
>> >running on a specific port and allowing only certain users.
>>
>> Check $(man sshd_config) and the AllowUser option. You should then be
>> able to create a second SSHd configuration file listening on the
>> appropriate port. I would then go on and maybe adapt
>> either /etc/init.d/ssh slightly to also start the second server (with
>> the appropriate configuration file) or create a second script doing
>> the same thing.
>>
> I agree with Claudius. For your second instance of ssh, you don't need
> a chroot. You do need:
>
> /etc/init.d/ssh.alt
> /etc/default/ssh.alt
> /etc/ssh/sshd_config.alt (and use the AllowUsers and Port options)
> /var/run/sshd.alt (although your init script may create this directory,
> if you copy the standard ssh init script)
>
> I do this on my system. I run LTSP on my LAN, which requires the use of
> password authentication for ssh. But for access to my server from the
> internet, I require public key authentication. The only way I knew how
> to accomplish this was to use two instances of ssh.
>
> -Rob

That worked fine, thanks! I just had to set the PidFile option in the
/etc/ssh/sshd_config.alt to reflect the one set in the init script.

Sylvain
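
An added example, not part of the original thread: a small pre-start check for the second sshd instance discussed above, covering the three points raised (a separate Port, an AllowUsers restriction, and a PidFile that matches the init script). The function names, the port number, the user name and the pid file path are assumptions chosen for illustration; the file names follow the thread.

```shell
#!/bin/sh
# Sanity-check the config of a second sshd instance before starting it.
# Assumed layout (from the thread): sshd_config, sshd_config.alt, init.d/ssh.alt.

# Print the first value given for an sshd_config keyword.
# Keywords are case-insensitive and sshd uses the first value it finds.
# Only the "Keyword value" form is handled, not "Keyword=value".
sshd_opt() {  # usage: sshd_opt FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Return 0 if the alt instance is configured consistently, 1 otherwise.
check_alt_sshd() {  # usage: check_alt_sshd MAIN_CONFIG ALT_CONFIG ALT_INIT_SCRIPT
    main=$1 alt=$2 init=$3 rc=0

    main_port=$(sshd_opt "$main" Port)
    [ -n "$main_port" ] || main_port=22          # sshd default port
    alt_port=$(sshd_opt "$alt" Port)
    if [ -z "$alt_port" ] || [ "$alt_port" = "$main_port" ]; then
        echo "FAIL: alt Port is unset or equals the main port ($main_port)"
        rc=1
    fi

    # Without AllowUsers the second listener is not limited to chosen accounts.
    if [ -z "$(sshd_opt "$alt" AllowUsers)" ]; then
        echo "FAIL: AllowUsers is not set in $alt"
        rc=1
    fi

    # The init script stops the daemon via its pid file, so both must agree.
    pid=$(sshd_opt "$alt" PidFile)
    if [ -z "$pid" ] || ! grep -qF -- "$pid" "$init"; then
        echo "FAIL: PidFile '${pid:-unset}' is not referenced by $init"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: port $alt_port, pid file $pid"
    return "$rc"
}

# Run directly as: script MAIN_CONFIG ALT_CONFIG ALT_INIT_SCRIPT
if [ "$#" -eq 3 ]; then
    check_alt_sshd "$@"
fi
```

Running `sshd -t -f /etc/ssh/sshd_config.alt` afterwards additionally validates the file's syntax with sshd itself.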

