2nd SSH instance running on different port

    • OMV 4.x (stable)
    • Resolved
    • 2nd SSH instance running on different port

      Does someone know what the best possible way is to run a 2nd SSH instance/service on a different port so that it can be used with OMV and will be usable through upgrades?

      I want to have an alternative SSH service to my system only accessible through public key. This config is no issue, but I need to know how I can add this 2nd SSH service the easiest..

      the purpose is:

      I have a mail-in-a-box device running which needs to rsync over SSH. I do not want to use my normal SSH, as this is accessible through password (and public key), but I only want to allow password through the local network and not from the dark wild outside world. Therefore the public key part.
      4x HP Microserver gen8, 3x with OMV. Puffer: 4x3TB RAID5; Nemo:4x3TB RAID5; Shark: 4x2TB RAID5
    • 2 things preventing it

      1. I do not want to have my SSH available towards my NAS with PWD from the outside (so right now port 9999 (example) is forwarded to 22 where the SSH of OMV is). Port 22 cannot be used as another device is already using this. (This happens if you have 4 HP MicroServer Gen8's at home.)
      2. I do access my device from various sources where I am not able to use the key
      3. I can use VPN and here I can use my PWD, but not the key due to 2
      4. I need the key for the rsync but I do not want to have SSH allow PWD through the port where only rsync is allowed
      5. Yes you can configure all kinds of boxes with the keys but it is not simple.

      The simplest one is to use a 2nd instance of SSH with its own config where only the key is allowed, on another port.

      But there needs to be a kind of 'service' available making this possible, and I wonder if OMV will not break that.
    • aroundmyroom wrote:

      Does someone know what the best possible way is to run a 2nd SSH instance/service on a different port so that it can be used with OMV and will be usable through upgrades?

      I want to have an alternative SSH service to my system only accessible through public key. This config is no issue, but I need to know how I can add this 2nd SSH service the easiest..

      the purpose is:

      I have a mail-in-a-box device running which needs to rsync over SSH. I do not want to use my normal SSH, as this is accessible through password (and public key), but I only want to allow password through the local network and not from the dark wild outside world. Therefore the public key part.
      is perfectly doable. Just take a look at the sftp plugin. If you don’t want to use the plugin then you need to create your own systemd unit file and sshd_config to suit your needs.
    • @subzero79 actually it was easy. First tried the SFTP plugin and saw how it was working; unfortunately, through the frontend the config file is being modified at certain places, therefore it was not working the way I needed it.

      In the end

      cp /lib/systemd/system/ssh.service /etc/systemd/system/sshdrsync.service

      modified 1 certain part:

      ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_rsync_config $SSHD_OPTS

      Then copied the standard ssh config from OMV to the sshd_rsync and modified the port. Please note that in the ssh file I already had the include part about the public key (where to find).

      Then:

      systemctl enable sshdrsync.service
      systemctl start sshdrsync.service

      Ready, set and go .. 10 min work .. thanks!
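
The post above builds the second instance's config by copying the stock one. As an added example (not code from the thread or from OMV), the following shell functions check that such a copy is really key-only before the unit is enabled; sshd keeps the first value it reads for a keyword, so an override appended below an earlier `yes` has no effect. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Print every global value of a keyword, in file order. Keywords are
# case-insensitive; parsing stops at the first Match block because the
# settings below it are conditional.
values() {
    awk -v want="$2" '
        { gsub(/=/, " ") }                     # accept "Keyword=value" too
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2) }
    ' "$1"
}

# Return 0 only if password-style logins are explicitly off, public keys are
# not disabled, and a Port is set that is not 22. An absent keyword counts as
# a failure so the file states its intent instead of relying on defaults.
# ChallengeResponseAuthentication is the keyword name in the OpenSSH shipped
# with Debian 9 (OMV 4); OpenSSH 8.7+ calls it KbdInteractiveAuthentication.
audit_key_only() {
    cfg=$1; rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        [ "$(values "$cfg" "$kw" | head -n 1)" = "no" ] ||
            { echo "FAIL: effective $kw is not an explicit 'no'"; rc=1; }
    done
    [ "$(values "$cfg" PubkeyAuthentication | head -n 1)" != "no" ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    ports=$(values "$cfg" Port)                # Port may appear several times
    [ -n "$ports" ] && ! printf '%s\n' "$ports" | grep -qx 22 ||
        { echo "FAIL: set Port explicitly and keep it off 22"; rc=1; }
    return "$rc"
}

# Constructed sample: copied config with the override appended too late.
sample_bad() {
    printf '%s\n' 'Port 2222' 'PasswordAuthentication yes' \
        'ChallengeResponseAuthentication no' 'PasswordAuthentication no'
}
# Constructed sample: the earlier line edited in place instead.
sample_good() {
    printf '%s\n' 'Port 2222' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes'
}
# Usage: audit_key_only /etc/ssh/sshd_rsync_config
```
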
    • Just as added information:

      aroundmyroom wrote:

      2. I do access my device from various sources where I am not able to use the key
      Curious to know which devices you access it from, that render you unable to use a cert?

      aroundmyroom wrote:

      1. I do not want to have my SSH available towards my NAS with PWD from the outside (so right now port 9999 (example) is forwarded to 22 where the SSH of OMV is). Port 22 cannot be used as another device is already using this. (This happens if you have 4 HP MicroServer Gen8's at home.)
      You know that you can force the cert use. Also, despite only being 'security-through-obscurity', when the port 22 is not used for ssh, attacks on the different port are nearly non-existent.

      Greetings
      David
    • Port 22 is used locally without key, port xxx is used without password and with key.

      Today my OMV crashed due to failing USB flash memory with grub and an awful mistake on my side (do not ask)..

      After re-installing OMV 4.x with a new USB flash memory on my HP Gen8 Microserver I re-added my RAID5 and then re-configured the 2nd ssh ..

      now my mail-in-a-box instance can rsync its backup of the mail on my OMV ;)