Subject: Re: running a second sshd
To: Andy Ruhl <>
From: Stefan 'Kaishakunin' Schumacher <>
List: netbsd-users
Date: 08/17/2005 21:40:31

Thus spoke Andy Ruhl (
> On 8/17/05, Steven M. Bellovin <> wrote:
> Is it your goal to just listen on 2 ports or actually run a totally
> separate instance? If the latter, do you mind if I ask why?

Multiple sshd instances can be useful if you want redundancy for
security reasons (even sshd might crash or hang, so a fallback
solution is required) or if you want to use several instances for
several users/groups.

On our PostgreSQL server, three instances of sshd listen:
one on :22 and another on :443; they are the same, and
:443 serves as a fallback solution. Additionally, both are set to
accept PubKey only and allow only my user, to avoid dictionary
attacks. A third sshd listens on the internal NIC for the institute's
members; it is filtered with ipf to allow only specified clients and
it does allow password-based authentication.

BTW: some time ago I wrote a German explanation of the sshd.config
options, it can be found at

PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
The spirit of the warrior should, from the start of New Year's Day until
the end of the year, be governed by the thought of his death.

Daijouji Shigesuke in "Budo Shoshin Shuu"
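
Added example, not part of the original message and not the author's own configuration: a shell sketch that writes one sshd_config per instance for the three-daemon layout described above. The user name, both addresses, the internal port, the PidFile paths and the output directory are constructed assumptions.

```shell
#!/bin/sh
# Writes one sshd_config per instance in the layout the message describes.
# Constructed values, not from the message: user "dbadmin", addresses
# 198.51.100.10 (external) and 192.0.2.10 (internal), internal port 22,
# the PidFile paths and the output directory.
OUT=${OUT:-$(mktemp -d)}

# write_conf NAME PORT LISTEN_ADDR PASSWORD_AUTH(yes|no) [ALLOWED_USER]
write_conf() {
    name=$1; port=$2; addr=$3; password=$4; user=${5:-}
    conf="$OUT/sshd_config.$name"
    {
        echo "Port $port"
        # Bind a specific address: a wildcard listener on :22 would
        # collide with the internal instance on the same port.
        echo "ListenAddress $addr"
        # One PidFile per daemon so the instances never overwrite
        # each other's pid.
        echo "PidFile /var/run/sshd.$name.pid"
        echo "PubkeyAuthentication yes"
        echo "PasswordAuthentication $password"
        # keyboard-interactive can also prompt for a password, so it
        # follows the same switch.
        echo "KbdInteractiveAuthentication $password"
        if [ -n "$user" ]; then
            echo "AllowUsers $user"
        fi
    } > "$conf"
    echo "$conf"
}

generate_all() {
    write_conf primary  22  198.51.100.10 no  dbadmin
    write_conf fallback 443 198.51.100.10 no  dbadmin
    # Client filtering for this one is done in ipf in the message, not here.
    write_conf internal 22  192.0.2.10    yes
}

generate_all
# Check each file with: /usr/sbin/sshd -t -f FILE
# Start each instance with: /usr/sbin/sshd -f FILE
```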
