How to configure multiple instances of sshd in RHEL 7 or 8?
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- openssh-server
Issue
How to configure multiple instances of sshd in Red Hat Enterprise Linux 7 or 8? Is that supported?
Resolution
This resolution applies to Red Hat Enterprise Linux 7 or 8. To run multiple instances of sshd on RHEL 5 or RHEL 6, see "How to configure multiple instances of sshd in RHEL 5 or 6?", which describes the same procedure for those versions.
Running multiple instances of sshd on RHEL 7 or 8 is supported. Follow the steps below to configure a second instance of sshd:
- Make a copy of the sshd_config file (to be used by the second daemon).
    # cp /etc/ssh/sshd{,-second}_config
- Edit sshd-second_config to assign a different port number. Use the Port keyword to achieve that. See sshd_config(5) for documentation on this keyword. Make sure this port is not in use by any other service.
    Port 22220
- Make a copy of the systemd unit file for the sshd service.
    # cp /usr/lib/systemd/system/sshd.service /etc/systemd/system/sshd-second.service
- Alter /etc/systemd/system/sshd-second.service in the following way:
  - Modify Description:
      Description=OpenSSH server second instance daemon
  - Add the -f /etc/ssh/sshd-second_config option to sshd, so that the alternative configuration file is used:
      ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd-second_config $OPTIONS
    Note: The ExecStart line may differ, depending on the RHEL sub-release. Keep the rest of the line as is.
- If using SELinux, add the port for the second instance of sshd to the SSH ports; otherwise the second instance of sshd will not be allowed to bind to the port:
    # yum -y install policycoreutils-python
    # semanage port -a -t ssh_port_t -p tcp 22220
- Run a reload so that systemd can pick up the changes:
    # systemctl daemon-reload
- Start sshd-second.service and enable the service, so that it starts automatically upon boot:
    # systemctl enable sshd-second.service --now
    Created symlink from /etc/systemd/system/multi-user.target.wants/sshd-second.service to /etc/systemd/system/sshd-second.service.
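The file edits from the steps above (the Port line and the unit file changes) as a script, with a check that the two instances cannot end up on the same port. This is an added example, not part of the Red Hat solution; the function names are hypothetical, and the demo works on constructed scratch files rather than /etc.

```shell
#!/bin/bash
# set_port FILE PORT: leave exactly one active Port line, at the top of FILE.
# sshd listens on every Port line it finds, so a leftover "Port 22" in the
# copy would make the second instance compete with the first for port 22.
set_port() {
    local file=$1 port=$2 tmp
    tmp=$(mktemp) || return 1
    { echo "Port $port"; sed -E '/^[[:space:]]*Port[[:space:]]/Id' "$file"; } > "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # overwrite in place: keeps mode and SELinux label
}

# make_second_unit SRC DST CONF: write DST from SRC with the new Description and
# "-f CONF" right after the sshd binary; the rest of ExecStart stays as is.
make_second_unit() {
    sed -E -e 's|^Description=.*|Description=OpenSSH server second instance daemon|' \
           -e "s|^(ExecStart=[^ ]*sshd)( .*)?\$|\1 -f $3\2|" "$1" > "$2"
}

# active_ports FILE: print the active Port values (sshd uses 22 when none is set).
active_ports() {
    local ports
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# check_second PRIMARY_CONF SECOND_CONF UNIT: fail if the two instances would clash.
check_second() {
    local p
    grep '^ExecStart=' "$3" | grep -qF -- " -f $2" ||
        { echo "unit does not pass -f $2" >&2; return 1; }
    for p in $(active_ports "$2"); do
        if active_ports "$1" | grep -qx "$p"; then
            echo "port $p is also used by $1" >&2; return 1
        fi
    done
}

# Demo on constructed scratch files, so nothing under /etc is touched.
demo() {
    local d; d=$(mktemp -d) || return 1
    printf '#Port 22\nPermitRootLogin no\n' > "$d/sshd_config"
    printf '[Unit]\nDescription=OpenSSH server daemon\n[Service]\nExecStart=/usr/sbin/sshd -D $OPTIONS\n' > "$d/sshd.service"
    cp "$d/sshd_config" "$d/sshd-second_config"
    set_port "$d/sshd-second_config" 22220
    make_second_unit "$d/sshd.service" "$d/sshd-second.service" "$d/sshd-second_config"
    check_second "$d/sshd_config" "$d/sshd-second_config" "$d/sshd-second.service" && echo "$d"
}
demo
```

On a real host, running `sshd -t -f /etc/ssh/sshd-second_config` before starting the unit validates the syntax of the second configuration file.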
Diagnostic Steps
To check whether the second sshd instance has started, use systemctl:
# systemctl status sshd-second.service
sshd-second.service - OpenSSH server second instance daemon
Loaded: loaded (/etc/systemd/system/sshd-second.service; enabled)
Active: active (running) since Mon 2014-08-18 12:58:25 CEST; 1s ago
Main PID: 4799 (sshd)
CGroup: /system.slice/sshd-second.service
`-4799 /usr/sbin/sshd -D -f /etc/ssh/sshd-second_config
Aug 18 12:58:25 server systemd[1]: Starting OpenSSH server second instance daemon...
Aug 18 12:58:25 server systemd[1]: Started OpenSSH server second instance daemon.
Aug 18 12:58:25 server sshd[4799]: Server listening on 0.0.0.0 port 22220.
Aug 18 12:58:25 server sshd[4799]: Server listening on :: port 22220.
#
Users can log in from a client using the -p option of ssh:
$ ssh -p 22220 user@server
If a firewall is in use, make sure that it is configured to allow connections to the second instance of sshd.