at the moment i use ssh to administrate a suse linux 9.3 server from the local network. the sshd is not accessible from any externel interface. (the server acts as gateway to the internet) but now exists a need of getting access to a service of one client machine from the internet, which i want to be secured via ssh-tunnel. the problem now is that i want different options for ssh listening on the local interface and the external one. for example the login from the external if should only be possible for a special group with key-athentication and should not listen on port 22 while the login from the internal network should be less secured and can accessible via a normal password-auth. whats the best way to do this? should i start 2 sshd and create a 2nd (rc)sshd in init.d with different options?
whats the best way to do this? should i start 2 sshd and create a 2nd (rc)sshd in init.d with different options?
--> you can create a copy of "/etc/init.d/sshd" and tell this copy to start the SSHD daemon with a different configuration file like: startproc ... /usr/sbin/sshd -f /etc/ssh/sshd_config_external ...
Then you can use "insserv sshd_external" to create the necessary run-level links.
Make sure you change "$SSHD_PIDFILE" as well so that "/etc/init.d/sshd_external stop" will kill the right SSHD process.
Have fun! Armin