On Mon, Feb 13, 2012 at 10:00:33PM -0700, Paul E Condon wrote:
> On 20120213_200321, Rob Owens wrote:
> > On Tue, Feb 14, 2012 at 12:26:54AM +0100, Claudius Hubig wrote:
> > > Hello Sylvain,
> > >
> > > Sylvain <[email protected]> wrote:
> > > >Right now I'm a bit confused by the way chroot seems to work with users.
> > > >I'd be grateful if someone had an idea on how to have an ssh instance
> > > >running on a specific port and allowing only certain users.
> > >
> > > Check $(man sshd_config) and the AllowUser option. You should then be
> > > able to create a second SSHd configuration file listening on the
> > > appropriate port. I would then go on and maybe adapt
> > > either /etc/init.d/ssh slightly to also start the second server (with
> > > the appropriate configuration file) or create a second script doing
> > > the same thing.
> > >
> > I agree with Claudius. For your second instance of ssh, you don't need
> > a chroot. You do need:
> >
> > /etc/init.d/ssh.alt
> > /etc/default/ssh.alt
> > /etc/ssh/sshd_config.alt (and use the AllowUsers and Port options)
> > /var/run/sshd.alt (although your init script may create this directory,
> > if you copy the standard ssh init script)
>
> I have been running dozens of instances of ssh simultaneously for
> years without doing anything like the above. Either it is entirely
> unnecessary or the Debian Maintainer has included all this in his
> install script. Or maybe, like gnome-terminal, a single instance can
> manage multiple independent windows. Either way, I have found the
> number of windows to be effectively unbounded. Have you tried it?
> I think you will find that it works.
>
How do you do it? Just launch sshd on the command line and specify an
alternate config file? I need two instances with two different config
files, and I need them to always be running. I figured the best way was
to duplicate the default sshd setup (as shown above). But if there's a
better way, I'd like to know.
-Rob
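The `sshd_config.alt` step from the list quoted above, as an added example that is not part of the thread: a shell function that derives the second instance's config from the primary one by replacing its Port, PidFile and AllowUsers lines. The port 2222, the user name `backupuser`, the PidFile path and the function names are assumptions, and the sample base config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): build a config for a second sshd instance.
# make_alt_sshd_config BASE OUT PORT PIDFILE USER...
make_alt_sshd_config() {
    base=$1 out=$2 port=$3 pidfile=$4
    [ "$#" -ge 5 ] || { echo "usage: BASE OUT PORT PIDFILE USER..." >&2; return 2; }
    shift 4
    [ -r "$base" ] || { echo "cannot read $base" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    {
        # New directives go first: anything appended after a Match block in
        # BASE would be read as part of that block.
        printf 'Port %s\nPidFile %s\nAllowUsers %s\n' "$port" "$pidfile" "$*"
        # Keywords are case-insensitive and may use "=" as the separator.
        # Inherited Port/AllowUsers lines must go, or the second instance would
        # also try the primary port and admit the primary instance's users.
        awk 'tolower($1) !~ /^(port|pidfile|allowusers)(=.*)?$/' "$base"
    } > "$out"
}

# Demo on a constructed base config (not a real system file); prints the result.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sshd_config" <<'EOF'
# constructed sample
Port 22
PermitRootLogin no
allowusers alice bob
PidFile=/var/run/sshd.pid
Match User alice
    X11Forwarding no
EOF
    make_alt_sshd_config "$dir/sshd_config" "$dir/sshd_config.alt" \
        2222 /var/run/sshd.alt.pid backupuser || return 1
    cat "$dir/sshd_config.alt"
    rm -rf "$dir"
}
```

Check the generated file with `sshd -t -f /etc/ssh/sshd_config.alt` before pointing the second init script at it.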

