Subject: Re: running a second sshd
To: Andy Ruhl <acruhl@gmail.com>
From: Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de>
List: netbsd-users
Date: 08/17/2005 21:40:31
--0vzXIDBeUiKkjNJl
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Also sprach Andy Ruhl (acruhl@gmail.com)
> On 8/17/05, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
>=20
> Is it your goal to just listen on 2 ports or actually run a totally
> separate instance? If the later, do you mind if I ask why?
Multiple sshd instances can be useful if you want redundancy for
security reasons (even sshd might crash or hang, so a fallback
solution is required) or if you want to use several instances for
several users/groups.=20
On our PostgreSQL server, three instances of sshd listen,=20
one on :22 and another on :443, they are the same and
:443 serves as a fallback solution. Additionally, both are set to
accept PubKey only and allow only my user, to avoid dictionary
attacks. A third sshd listens on the internal NIC for the institutes
members, it is filtered with ipf to allow only specified clients and
it does allow password based authentication.
BTW: sometime ago I wrote a German explanation of the sshd.config
options, it can be fount at http://www.net-tex.de/unix/ssh.html
--=20
PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
--=20
Der Geist des Kriegers sollte mit Beginn des Neujahrstages bis zum Ende=20
des Jahres vom Gedanken an seinen Tod beherrscht werden.
Daijouji Shigesuke in "Budo Shoshin Shuu"
--0vzXIDBeUiKkjNJl
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
iD8DBQFDA5KvEfTEHrP7rjMRApGVAJ9IqLfRGSCGuiqx3XBocY1G7DEsyQCaAjvU
RkC6qKbnjoYZVrbS2lpsHcI=
=tHQv
-----END PGP SIGNATURE-----
--0vzXIDBeUiKkjNJl--