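How to work with 2 different sshd configurations
I have the following task:
- Configure the ssh service so that the user special cannot connect through it.
- Open an ssh server on port 2222 that listens on 127.0.0.1. Restrict this service so that only the user special can connect. A service needs to be created for this.
My approach is based on https://askubuntu.com/questions/324503/2-sshd-configurations-1-for-internal-and-1-external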
- Modify /etc/ssh/sshd_config, adding DenyUsers special
- Modify /etc/ssh/sshd_config_external, setting Port 2222 and ListenAddress 127.0.0.1
- Create /lib/systemd/system/sshd-external.service and modify it to include the new configuration as ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd_config_external
sshd.service starts:
[root@bastion 0 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-09-19 12:54:16 UTC; 19min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1418 (sshd)
CGroup: /system.slice/sshd.service
└─1418 /usr/sbin/sshd -D
Sep 19 12:54:16 bastion.7eca.example.opentlc.com systemd[1]: Starting OpenSSH server daemon...
Sep 19 12:54:16 bastion.7eca.example.opentlc.com sshd[1418]: Server listening on 0.0.0.0 port 22.
Sep 19 12:54:16 bastion.7eca.example.opentlc.com sshd[1418]: Server listening on :: port 22.
Sep 19 12:54:16 bastion.7eca.example.opentlc.com systemd[1]: Started OpenSSH server daemon.
Sep 19 12:54:30 bastion.7eca.example.opentlc.com sshd[1884]: Accepted publickey for hesteban-redhat.com from 88.128.92.150 port 40092 ssh2: RSA SHA256:sWujd4yvXg62et5LzOAR7BhMGvQ5+vBNSUrgrVdUdEs
Sep 19 12:55:48 bastion.7eca.example.opentlc.com sshd[1929]: Received disconnect from 222.186.30.35 port 58344:11: [preauth]
Sep 19 12:55:48 bastion.7eca.example.opentlc.com sshd[1929]: Disconnected from 222.186.30.35 port 58344 [preauth]
Sep 19 13:13:52 bastion.7eca.example.opentlc.com sshd[2219]: Received disconnect from 222.186.42.155 port 10630:11: [preauth]
Sep 19 13:13:52 bastion.7eca.example.opentlc.com sshd[2219]: Disconnected from 222.186.42.155 port 10630 [preauth]
But the problem occurs when I start sshd-extended.service
[root@bastion 0 ~]# systemctl start sshd-external
Job for sshd-external.service failed because a timeout was exceeded. See "systemctl status sshd-external.service" and "journalctl -xe" for details.
[root@bastion 0 ~]# journalctl -xe
-- Unit sshd-external.service has begun starting up.
Sep 21 06:27:18 bastion.7eca.example.opentlc.com sshd[2079]: Server listening on 127.0.0.1 port 2222.
Sep 21 06:27:18 bastion.7eca.example.opentlc.com systemd[1]: Got notification message from PID 2079,but reception only permitted for main PID 2078
Sep 21 06:28:48 bastion.7eca.example.opentlc.com systemd[1]: sshd-external.service start operation timed out. Terminating.
Sep 21 06:28:48 bastion.7eca.example.opentlc.com systemd[1]: Failed to start OpenSSH server daemon.
-- Subject: Unit sshd-external.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd-external.service has failed.
Then, if I try again, it says the problem is that 127.0.0.1 port 2222 is already in use
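
The access policy in the task above can be checked mechanically against the two configuration files. The following is an added example, not part of the original post: the function names and sample configs are constructed, it reads only the global section (no Match blocks, Include files or group directives), and it assumes AllowUsers is how the "only special" restriction is expressed.

```python
import fnmatch
import re
MULTI = {"port", "listenaddress", "allowusers", "denyusers"}  # keywords that accumulate

def parse_global(text):
    """Parse the global part of an sshd_config; stops at the first Match block."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, *rest = re.split(r"[\s=]+", line, maxsplit=1)
        key, args = key.lower(), (rest[0].split() if rest else [])
        if key == "match":
            break
        if key in MULTI:
            cfg.setdefault(key, []).extend(args)
        else:
            cfg.setdefault(key, args)  # for other keywords the first value is used
    return cfg

def listeners(cfg):
    """(address, port) pairs to bind; bracketed IPv6 with a port is not handled."""
    ports, out = [int(p) for p in cfg.get("port", ["22"])], set()
    for addr in cfg.get("listenaddress", ["0.0.0.0", "::"]):
        host, sep, port = addr.rpartition(":")
        if sep and port.isdigit() and ":" not in host:
            out.add((host, int(port)))  # ListenAddress host:port
        else:
            out.update((addr, p) for p in ports)
    return out

def user_allowed(cfg, user):
    """DenyUsers is checked before AllowUsers; @host parts and '!' are ignored."""
    def hit(key):
        return any(fnmatch.fnmatchcase(user, p.split("@")[0]) for p in cfg.get(key, []))
    return not hit("denyusers") and ("allowusers" not in cfg or hit("allowusers"))

def check_task(main_text, external_text, user="special"):
    main, ext = parse_global(main_text), parse_global(external_text)
    checks = [
        (not user_allowed(main, user), "main: %s can log in" % user),
        (listeners(ext) == {("127.0.0.1", 2222)}, "external: not limited to 127.0.0.1:2222"),
        (user_allowed(ext, user), "external: %s cannot log in" % user),
        (not user_allowed(ext, "not-" + user), "external: other users can log in"),
    ]
    return [msg for ok, msg in checks if not ok]

MAIN_OK = "Port 22\nDenyUsers special\n"              # constructed sample
EXT_OPEN = "Port 2222\nListenAddress 127.0.0.1\n"     # constructed: no user restriction
EXT_OK = EXT_OPEN + "AllowUsers special\n"            # constructed: restricted to special
```

`check_task` returns an empty list when both files meet the task. The authoritative view of what a given file produces is the effective configuration printed by `sshd -T -f <file>`.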