Hello,
I realize I worded the last message poorly. I meant to run ps to list the sshd
processes so you could see the command that was used to start them. This would
tell you whether or not the -f option was being used when ext_ssh was started.
The problems you are seeing are mainly with the ext_ssh file. The
instructions were written for Redhat and need to be reworked for Ubuntu because
its service startup scripts have a different structure.
I took a look at an Ubuntu installation. There is no OPTIONS variable in
/etc/init.d/ssh so the "OPTIONS=" line you added has no effect. Instead, it
uses an SSHD_OPTS variable. Find the "init-functions" line and add the following
line after it:
SSHD_OPTS="-f /etc/ssh/external_sshd_config"
Change all "sshd.pid" strings to "ext_sshd.pid". The following sed command
should work:
sed -i -r -e "s/(ext_)?sshd\.pid/ext_sshd.pid/g" /etc/init.d/ext_ssh
I have attached a script I used to configure sshd on my Ubuntu test image. It's
pretty raw but it works for me. Please reply if you have any problems with it.
I'll update the documentation with this script if it's working properly.
Hope this helps,
Andy
Kiran N wrote:
Thanks Andy for the response!
After stopping all the SSH services, I restarted the external ssh by the
command
/etc/init.d/ext_ssh start
and as you said, ext_ssh is listening on the private IP address.
I am attaching the ssh, ext_ssh and external_ssh_config files.
Also the output for command used to start the external sshd process:
ps -ef | grep sshd
is not as you said.
Hope this helps to figure out the problem!
#!/bin/bash
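#######################################
# Set, add or comment out one keyword in an sshd-style config file.
#
# Arguments:
#   $1 - path of the config file to edit in place
#   $2 - keyword; it is interpolated into an extended regular expression,
#        so pass plain keyword names only
#   $3 - new value, or the single character '#' to comment out every
#        line that sets the keyword
# Behaviour:
#   - value '#': each matching line is rewritten as "#keyword ...".
#   - keyword absent (neither active nor commented): "keyword value" is
#     appended to the file.
#   - keyword present: every matching line, commented or not, becomes
#     "keyword value".
#   Matching is case-insensitive and requires whitespace after the keyword,
#   so setting HostKey does not rewrite HostKeyAlgorithms lines.
# Returns:
#   Status of the last grep/sed/append (0 on success). A wrong argument
#   count prints the usage to stderr and exits the script with status 1.
#######################################
function set_config {
  if [ $# -ne 3 ]; then
    echo "usage: set_config [config_file] [keyword] [value]" >&2
    exit 1
  fi

  local config_file=$1
  local keyword=$2
  local value=$3
  local escaped_value

  if [ "$value" = '#' ]; then
    # Strip any leading blanks/'#' and put exactly one '#' in front.
    sed -i -r -e "s/^[ #]*(${keyword}[[:space:]].*)/#\1/I" -- "$config_file"
  elif ! grep -i -E -q -- "^[ #]*${keyword}[[:space:]]" "$config_file"; then
    # Keyword does not appear at all, not even commented out: append it.
    printf '%s %s\n' "$keyword" "$value" >> "$config_file"
  else
    # Escape the characters that are special in a sed replacement
    # (backslash, '&' and the '/' delimiter) so the value is written
    # literally instead of being interpreted by sed.
    escaped_value=$(printf '%s\n' "$value" | sed -e 's|[\\/&]|\\&|g')
    sed -i -r -e "s/^[ #]*(${keyword})[[:space:]].*/\1 ${escaped_value}/I" -- "$config_file"
  fi
}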
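# ---------------------------------------------------------------------------
# Main script: configure two sshd instances on an Ubuntu image.
#   - /etc/ssh/sshd_config           -> listens on the eth0 address
#   - /etc/ssh/external_sshd_config  -> listens on the eth1 address,
#     started through a copy of the init script (/etc/init.d/ext_ssh).
# Needs root: it edits /etc/ssh, /etc/init.d and restarts the ssh services.
# ---------------------------------------------------------------------------

# Print a message on stderr and stop the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the IPv4 address ifconfig reports for interface $1.
# Parses the "inet addr:A.B.C.D" form of ifconfig output; when the line is
# missing or formatted differently the output is empty.
get_ipv4() {
  ifconfig "$1" | awk '/inet addr/ { split($2, part, ":"); print part[2] }'
}

clear

# Resolve both addresses before any file is touched. An empty address would
# otherwise end up as a bare "ListenAddress" line after the existing
# ListenAddress lines have already been removed.
IP0=$(get_ipv4 eth0)
IP1=$(get_ipv4 eth1)
echo "IP eth0: $IP0"
echo "IP eth1: $IP1"
[ -n "$IP0" ] || die "Could not determine the eth0 address; nothing was changed."
[ -n "$IP1" ] || die "Could not determine the eth1 address; nothing was changed."

# Keep the pristine config: only create the backup once so that running the
# script again does not overwrite it with an already modified file.
if [ ! -e /etc/ssh/sshd_config.ORIG ]; then
  cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG \
    || die "Could not back up /etc/ssh/sshd_config; nothing was changed."
fi

# NOTE(review): "StrictModes no" turns off sshd's ownership/permission checks
# on the user's files and home directory, and "X11Forwarding yes" enables X11
# forwarding. Both values are taken over unchanged; confirm they are still
# required for this image.
set_config '/etc/ssh/sshd_config' 'StrictModes' 'no'
set_config '/etc/ssh/sshd_config' 'X11Forwarding' 'yes'
set_config '/etc/ssh/sshd_config' 'KeyRegenerationInterval' '0'
set_config '/etc/ssh/sshd_config' 'MaxStartups' '#'

# The external config starts as a copy of the settings made so far and only
# differs in its pid file, listen address and missing AllowUsers line.
cp /etc/ssh/sshd_config /etc/ssh/external_sshd_config \
  || die "Could not create /etc/ssh/external_sshd_config."
set_config '/etc/ssh/external_sshd_config' 'PidFile' '/var/run/ext_sshd.pid'

# Blank out every existing AllowUsers/ListenAddress line (active or
# commented) in both files; the wanted values are appended below.
for cfg in /etc/ssh/sshd_config /etc/ssh/external_sshd_config; do
  sed -i -r -e "s/^[ #]*AllowUsers.*//g" "$cfg"
  sed -i -r -e "s/^[ #]*ListenAddress.*//g" "$cfg"
done

echo "AllowUsers root" >> /etc/ssh/sshd_config
echo "ListenAddress $IP0" >> /etc/ssh/sshd_config
echo "ListenAddress $IP1" >> /etc/ssh/external_sshd_config

# Derive the init script for the external instance from the stock one:
# rename the pid file and the "sshd" name, then insert SSHD_OPTS right after
# the init-functions line so the daemon is started with the external config.
cp /etc/init.d/ssh /etc/init.d/ext_ssh \
  || die "Could not create /etc/init.d/ext_ssh."
sed -i -r \
  -e 's/(ext_)?sshd\.pid/ext_sshd.pid/g' \
  -e 's/"sshd"/"ext_sshd"/g' \
  -e 's|(.*init-functions)|\1\n\nSSHD_OPTS="-f /etc/ssh/external_sshd_config"|' \
  /etc/init.d/ext_ssh

# Let sshd parse both files before the running daemons are stopped; a config
# that does not parse would leave the host without any SSH listener.
/usr/sbin/sshd -t -f /etc/ssh/sshd_config \
  || die "sshd_config failed validation; services were not restarted."
/usr/sbin/sshd -t -f /etc/ssh/external_sshd_config \
  || die "external_sshd_config failed validation; services were not restarted."

echo
echo Stopping sshd services...
service ssh stop
sleep 2
service ext_ssh stop
sleep 2
# Remove stale pid files so the init scripts start from a clean state.
rm -f /var/run/*sshd*pid

echo
echo Starting sshd services...
service ssh start
sleep 2
service ext_ssh start

echo
echo sshd processes:
pgrep -fl "sbin.sshd"

echo
echo "sshd.pid: $(cat /var/run/sshd.pid)"
echo "ext_sshd.pid: $(cat /var/run/ext_sshd.pid)"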