[09:18] <geodb27> People hi! For my custom needs, I need to run a second sshd server aside the default one. What would be the preferred way to do so? The ubuntu18.04 server machine I need this on runs systemd, should I write my own systemd service file?
[09:33] <rbasak> geodb27: I think it depends on the reason you need it. Could you elaborate?
[09:35] <geodb27> Thanks for your answer rbasak. I need a specific ssh on which to connect, only with key auth for certain users that would not allow shell access but only use the "forceCommand" config parameter to be used.
[09:36] <geodb27> I can't modify the running and main sshd process. It should be aside for security reasons.
[09:37] <rbasak> You know you can do that with a Match directive on the main sshd process, right?
[09:37] <rbasak> Why can't you modify the main one?
[09:39] <geodb27> Indeed I could. But this would enforce the forceCommand for all users and would restrict what can be done. The main process suits my needs: users can ssh, scp, rsync, sftp and so on. I don't want to alter that.
[09:46] <rbasak> geodb27: no, that's not right. You can use the Match directive in sshd_config to limit a ForceCommand to a specific set of users or groups.
[09:47] <rbasak> geodb27: in answer to your original question, I think you'd have to write a separate systemd service file, but you'd also have to carefully write an sshd_config that avoids using any state directories that would conflict with the main sshd process.
[09:48] <rbasak> I remember someone else doing something similar though for different reasons having quite a bit of trouble with that.
[09:49] <rbasak> I believe it's possible, but I think you'll have a much easier time of it, and less to maintain, if you can configure what you need with Match instead.
[09:49] <geodb27> Thanks rbasak for answering my first question :-) I'll look for it. The main idea is to leave things untouched for now and have something else aside. Let me explain a bit more if you want:
[09:50] <geodb27> My users are used to connect to this server via every way I quoted above and I don't want to change anything.
[09:51] <geodb27> However, I have a special user on this machine that I'd like to be able to launch in place of some of the users (and not all) one specific command (mainly rsync -av $HOME other_server:HOME). You could say that each user can do that, and indeed, they can, but that is not the point.
[09:55] <rbasak> geodb27: so I'd add a Match directive for just that special user with its ForceCommand
[09:55] <rbasak> That won't interfere with sshd configuration for any other user
[09:56] <rbasak> And it won't increase the exposed surface for security, unlike adding an additional sshd process with its own entirely separate configuration
[09:58] <geodb27> I think that I mis-explained something. Never mind, I've successfully made what I wanted. If you want, I can show in a pastebin how I did it.
[10:26] <geodb27> http://dpaste.com/214THCR There we are. You might well better understand my needs. This setup works fine for me.
[11:18] <rbasak> Oh, I see.
[11:19] <rbasak> I would still resist doing it by adding an extra sshd instance, but I agree that you can't just use a Match directive to achieve that as I suggested.
[13:22] <geodb27> It will suit my needs, and much more, it'll solve another similar problem that I'll face later on with another server. Still, it looks secure enough and I don't think that ssh will add much overload to the machines.
[20:22] <azx> Hello where can I learn how to work with and configure rackmount hardware
[20:23] <lordcirth_> azx, Try #ubuntu-offtopic