Suppose you have a remote machine that you can ssh into. You want to make some changes to the config, but making a mistake could lock you out of the box. This is a technique for setting up a 2nd sshd instance and also how to configure it as a service.

Standalone

On the server enter
/usr/sbin/sshd -D -p 2222 -f your_new_config

On the client enter
ssh -p 2222 your.server.name

If you need to debug you can get messages:
On the server replace -D with -d; you can use up to three -d flags for increasing levels of verbosity.
On the client add -v, again up to three for more verbose output.

Once you are confident with the new configuration, simply replace /etc/ssh/sshd_config and restart sshd with
service sshd restart

As a Service

CAVEAT: This service expects the host keys to already be present. That's normally taken care of when the regular sshd service starts for the first time.

Place your new config into /etc/ssh/sshd_alternate_config.
Ensure the following is in the new config file:
Code:
PidFile /var/run/sshd_alternate.pid

Place sshd_alternate in /etc/rc.d and make sure it's executable.

In /etc/rc.conf add the following lines:
Code:
sshd_alternate_enable="YES"
sshd_alternate_flags="-p 2222 -f /etc/ssh/sshd_alternate_config"

Start up the new instance
service sshd_alternate start

Test the configuration from a 2nd console on your workstation:
ssh -p 2222 your.server.name

You can get debug with:
ssh -v -p 2222 your.server.name
from the workstation. Add more -v as needed.

On the server end, stop the service with service sshd_alternate stop, then run it in the foreground with sshd -d -p 2222 -f /etc/ssh/sshd_alternate_config.

If you decide to replace /etc/ssh/sshd_config with /etc/ssh/sshd_alternate_config, make sure you comment out the line
Code:
PidFile /var/run/sshd_alternate.pid

sshd_alternate
Bash:
#!/bin/sh

# PROVIDE: sshd_alternate
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="sshd_alternate"
desc="Secure Shell Daemon (Alternate)"
rcvar="sshd_alternate_enable"
command="/usr/sbin/sshd"
# Check the config before start, reload and restart so a broken file is caught early.
start_precmd="sshd_alternate_precmd"
reload_precmd="sshd_alternate_configtest"
restart_precmd="sshd_alternate_configtest"
configtest_cmd="sshd_alternate_configtest"
# Must match the PidFile line in /etc/ssh/sshd_alternate_config.
pidfile="/var/run/${name}.pid"
extra_commands="configtest reload"

# Run sshd in test mode (-t) with the same flags the service uses.
sshd_alternate_configtest()
{
	echo "Performing sanity check on ${name} configuration."
	eval ${command} ${sshd_alternate_flags} -t
}

sshd_alternate_precmd()
{
	run_rc_command configtest
}

load_rc_config $name
run_rc_command "$1"
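
Added example, not part of the original post: one way to script the last step above, replacing /etc/ssh/sshd_config with the tested /etc/ssh/sshd_alternate_config. It comments out the alternate PidFile line, validates the result with sshd -t and keeps a backup of the old config; the function names, the SSHD override variable and the .bak suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): promote a tested alternate
# sshd config to the live one. Function names, the SSHD override variable
# and the .bak suffix are assumptions made for this example.
ALT_PID="/var/run/sshd_alternate.pid"   # PidFile value used on the page

# Succeeds if FILE has an active PidFile line naming the alternate pid file.
# Assumes the directive is written as on the page (unquoted, whitespace
# separated). Keywords are case-insensitive; commented lines never match
# because their first field starts with "#".
has_alt_pidfile() {
    awk -v p="$ALT_PID" '
        tolower($1) == "pidfile" && $2 == p { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Copy SRC to DST with that one line commented out, all else unchanged.
comment_out_alt_pidfile() {
    awk -v p="$ALT_PID" '
        tolower($1) == "pidfile" && $2 == p { print "#" $0; next }
        { print }' "$1" > "$2"
}

# promote CANDIDATE [LIVE]: validate with "sshd -t", back up LIVE, install.
# sshd is not restarted here; "service sshd restart" stays a manual step.
promote() {
    candidate=$1
    live=${2:-/etc/ssh/sshd_config}
    sshd=${SSHD:-/usr/sbin/sshd}
    tmp=$(mktemp /tmp/sshd_config.XXXXXX) || return 1
    comment_out_alt_pidfile "$candidate" "$tmp" &&
        ! has_alt_pidfile "$tmp" &&
        "$sshd" -t -f "$tmp" &&
        cp -p "$live" "$live.bak" &&
        cp "$tmp" "$live"
    rc=$?
    rm -f "$tmp"
    return $rc
}

if [ $# -gt 0 ]; then
    promote "$@"
fi
```

If sshd -t rejects the candidate, the live config is left untouched and no backup is written, so the session on the 2nd instance remains the way back in.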