/srv/irclogs.ubuntu.com/2019/12/06/#ubuntu-server.txt

[09:18] <geodb27> People hi! For my custom needs, I need to run a second sshd server alongside the default one. What would be the preferred way to do so? The Ubuntu 18.04 server machine I need this on runs systemd, should I write my own systemd service file?
[09:33] <rbasak> geodb27: I think it depends on the reason you need it. Could you elaborate?
[09:35] <geodb27> Thanks for your answer rbasak. I need a specific ssh on which to connect, only with key auth for certain users, that would not allow shell access but only use the "forceCommand" config parameter.
[09:36] <geodb27> I can't modify the running and main sshd process. It should be aside for security reasons.
[09:37] <rbasak> You know you can do that with a Match directive on the main sshd process, right?
[09:37] <rbasak> Why can't you modify the main one?
[09:39] <geodb27> Indeed I could. But this would enforce the forceCommand for all users and would restrict what can be done. The main process suits my needs: users can ssh, scp, rsync, sftp and so on. I don't want to alter that.
[09:46] <rbasak> geodb27: no, that's not right. You can use the Match directive in sshd_config to limit a ForceCommand to a specific set of users or groups.
[09:47] <rbasak> geodb27: in answer to your original question, I think you'd have to write a separate systemd service file, but you'd also have to carefully write an sshd_config that avoids using any state directories that would conflict with the main sshd process.
[09:48] <rbasak> I remember someone else doing something similar, though for different reasons, having quite a bit of trouble with that.
[09:49] <rbasak> I believe it's possible, but I think you'll have a much easier time of it, and less to maintain, if you can configure what you need with Match instead.
[09:49] <geodb27> Thanks rbasak for answering my first question :-) I'll look for it. The main idea is to leave things untouched for now and have something else aside. Let me explain a bit more if you want:
[09:50] <geodb27> My users are used to connecting to this server via every way I quoted above and I don't want to change anything.
[09:51] <geodb27> However, I have a special user on this machine that I'd like to be able to launch in place of some of the users (and not all) one specific command (mainly rsync -av $HOME other_server:HOME). You could say that each user can do that, and indeed, they can, but that is not the point.
[09:55] <rbasak> geodb27: so I'd add a Match directive for just that special user with its ForceCommand
[09:55] <rbasak> That won't interfere with sshd configuration for any other user
[09:56] <rbasak> And it won't increase the exposed surface for security, unlike adding an additional sshd process with its own entirely separate configuration
[09:58] <geodb27> I think that I mis-explained something. Never mind, I've successfully made what I wanted. If you want, I can show in a pastebin how I did it.
[10:26] <geodb27> http://dpaste.com/214THCR There we are. You might well better understand my needs. This setup works fine for me.
[11:18] <rbasak> Oh, I see.
[11:19] <rbasak> I would still resist doing it by adding an extra sshd instance, but I agree that you can't just use a Match directive to achieve that as I suggested.
[13:22] <geodb27> It will suit my needs, and much more, it'll solve another similar problem that I'll face later on with another server. Still, it looks secure enough and I don't think that ssh will add much overload to the machines.
[20:22] <azx> Hello, where can I learn how to work with and configure rackmount hardware?
[20:23] <lordcirth_> azx, Try #ubuntu-offtopic
