2nd SSH instance running on different port

  • Does someone know what the best possible way is to run a 2nd SSH instance/service on a different port so that it can be used with OMV and will be usable through upgrades?


    I want to have an alternative SSH service to my system only accessible through public key. This config is no issue, but I need to know how I can add this 2nd SSH service the easiest..


    The purpose is:


    I have a mail-in-a-box device running which needs to rsync over SSH. I do not want to use my normal SSH as this is accessible through password (and public key), but I only want to allow password through the local network and not from the dark wild outside world. Therefore the public key part.

    5x HP Microserver Gen8, 4x with OMV. (3x OMV4 and 1x OMV5)

    (Busy with migrating to 1 NAS) Puffer: 4x3TB RAID5; Nemo:4x3TB RAID5; Shark: 4x2TB RAID5 and Whale: 4x10TB UNIONFS with SNAPRAID

  • 2 things preventing it


    1. I do not want to have my SSH available towards my NAS with PWD from the outside (so right now port 9999 (example) is forwarded to 22 where the SSH of OMV is). Port 22 cannot be used as another device is already using this. (This happens if you have 4 HP MicroServer Gen8's at home.)
    2. I do access my device from various sources where I am not able to use the key
    3. I can use VPN and here I can use my PWD, but not the key due to 2
    4. I need the key for the rsync but I do not want to have SSH allow PWD through the port where only rsync is allowed
    5. Yes, you can configure all kinds of boxes with the keys but it is not simple.


    The simplest one is to use a 2nd instance of SSH with its own config where only the key is allowed, on another port.


    But there needs to be a kind of 'service' available making this possible, and I wonder if OMV will not break that.


  • It is perfectly doable. Just take a look at the sftp plugin. If you don’t want to use the plugin then you need to create your own systemd unit file and sshd_config to suit your needs.

  • @subzero79 actually it was easy. First I tried the SFTP plugin and saw how it was working; unfortunately the config file is being modified through the frontend at certain places, therefore it was not working the way I needed it.


    In the end


    cp /lib/systemd/system/ssh.service /etc/systemd/system/sshdrsync.service

    Modified 1 certain part:

    ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_rsync_config $SSHD_OPTS

    Then copied the standard ssh config from OMV to the sshd_rsync, modified the port.

    Please note that in the ssh file I already had the include part about the public key (where to find).

    Then:

    systemctl enable sshdrsync.service
    systemctl start sshdrsync.service

    Ready, set and go .. 10 min work .. thanks!

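One way to confirm that the config copied for the second instance is really key-only, as an added example that is not from the thread: a small shell audit of the global section of the file, following sshd's first-occurrence-wins rule. Port 8022 and the sample configs are constructed; on the real host, `sshd -T -f /etc/ssh/sshd_rsync_config` prints the authoritative effective settings.

```shell
#!/bin/sh
# Added example (not from the thread). Sample configs below are constructed.

# Print the effective global value of a keyword (lower-case ERE) in an sshd
# config: sshd keeps the first occurrence of each keyword, keyword names are
# case-insensitive, and lines after "Match" only apply conditionally.
# Include files and the "Keyword=value" form are not handled here.
effective_value() {  # usage: effective_value FILE KEYWORD_ERE DEFAULT
    awk -v key="^($2)\$" -v def="$3" '
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ key      { val = $2; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Return 0 only if FILE describes a key-only instance on a non-default port.
# Keyboard-interactive is required to be off as a conservative choice, since
# with PAM it can still prompt for a password.
audit_key_only() {  # usage: audit_key_only FILE
    f=$1; rc=0
    check() { [ "$2" "$3" "$4" ] || { echo "FAIL: $1 is '$2'"; rc=1; }; }
    check Port "$(effective_value "$f" port 22)" != 22
    check PasswordAuthentication \
        "$(effective_value "$f" passwordauthentication yes)" = no
    check KbdInteractive/ChallengeResponse "$(effective_value "$f" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)" = no
    check PubkeyAuthentication \
        "$(effective_value "$f" pubkeyauthentication yes)" = yes
    return $rc
}

demo() {
    d=$(mktemp -d)
    # Constructed: standard config copied, only the port changed.
    printf 'Port 8022\nPasswordAuthentication yes\nUsePAM yes\n' > "$d/copied"
    # Constructed: the same file restricted to public keys.
    printf 'Port 8022\nPasswordAuthentication no\nChallengeResponseAuthentication no\nPubkeyAuthentication yes\n' > "$d/hardened"
    for c in copied hardened; do
        audit_key_only "$d/$c" && echo "$c: key-only" || echo "$c: NOT key-only"
    done
    rm -rf "$d"
}
demo
```
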

  • Just as added information:

    2. I do access my device from various sources where I am not able to use the key

    Curious to know which devices you access it from, that render you unable to use a cert?


    1. I do not want to have my SSH available towards my NAS with PWD from the outside (so right now port 9999 (example) is forwarded to 22 where the SSH of OMV is). Port 22 cannot be used as another device is already using this. (This happens if you have 4 HP MicroServer Gen8's at home.)

    You know that you can force the cert use. Also, despite only being 'security-through-obscurity', when the port 22 is not used for ssh, attacks on the different port are nearly non-existent.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Port 22 is used locally without key, port xxx is used without password and with key.


    Today my OMV crashed due to failing USB flash memory with grub and an awful mistake on my side (do not ask)..


    After re-installing OMV 4.x with a new USB flash memory on my HP Gen8 Microserver I re-added my RAID5 and then re-configured the 2nd ssh ..


    Now my mail-in-a-box instance can rsync its backup of the mail to my OMV ;)

