6

I would like to run two sshd daemons on debian 8 (using openssh), one for administration and one for sftp.

This used to be quite easy in debian 7 but with systemd it is more difficult.

So far I have created the sshd_config_second and the ssh_config_second.

How would I create a service file for sshd_second.service and start the daemon?

I looked into the sshd.service but this does not reference the sshd_config file. Where do I feed the daemon these config files?

Update:

I followed this from RHEL7 and was successful:

https://access.redhat.com/solutions/1166283

mahatmanich
  • 2,794
  • 3
  • 21
  • 23

1 Answers1

8

The default Debian 8 systemd sshd unit is in /lib/systemd/system/ssh.service and is pretty simple. All you would need to do is something like cp /lib/systemd/system/ssh.service /etc/systemd/system/ssh_sftp.service then edit your file to be something like this.

[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_sftp_config $SSHD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=ssh_sftp_d.service

After creating that file, enable and start it. systemctl enable ssh_sftp.service and systemctl start ssh_sftp.service.

Like @Michael Hampton suggested, basically the exact same set of instructions as what was suggested for the Redhat.

Zoredache
  • 128,755
  • 40
  • 271
  • 413
  • You should run it after sshd.service! – mahatmanich Nov 03 '16 at 21:39
  • Sure, if you want it to be started after. Not sure why the order would really matter. The sftp instance wouldn't depend on the main instance for anything. But feel free to adjust things in whatever makes sense for your environment. Just add `sshd.service` to the `After` line if you want that. – Zoredache Nov 03 '16 at 21:47
  • An extra ssh_config is also not needed, right? – mahatmanich Nov 03 '16 at 22:20
  • 1
    No the `ssh_config` is not used by the ssh server. It is only used to set defaults for the local ssh client software. – Zoredache Nov 03 '16 at 22:29
  • Works for me in Ubuntu 16.04 – Evan Aug 27 '18 at 03:17
  • 1
    @mahatmanich: “You should run it after sshd.service”—that goes against the grain of systemd. The more restrictive ordering on the dependency graph you establish, the less systemd is able to parallelize boot. One of the main reasons systemd came to the scene is that the sequential RC-style init startup makes little sense on multicore CPUs. Unless you have a _real_ reason not to start the 2nd sshd strictly after the default one (then, "After" means different events for different service types, see `man systemd.service`), sequence it as loosely as possible to give systemd a breathing room. – kkm Dec 28 '20 at 07:33