2 sshd configurations 1 for internal and 1 external

ssh sshd

How can I setup open ssh server so that if i'm ssh'ng from a local lan I want it to be via port 22 but if I'm coming externally its via port 12345 for example.

Then for external access I'd like some different (stricter) rules in sshd_config


Solution 1:

Eric Carvalho's answer works for pre 15.04 but they deprecated and then removed upstart from Ubuntu, SystemdForUpstartUsers.

These steps have been adapted to work with systemd.

  1. Copy the SSH configuration file:

    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_external

  2. Copy the systemd configuration file:

    sudo cp /lib/systemd/system/ssh.service /lib/systemd/system/sshd-external.service

    in the new file (/lib/systemd/system/sshd-external.service) change the line:

    ExecStart=/usr/sbin/sshd -D $SSHD_OPTS

    to:

    ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd_config_external

    and the line:

    Alias=sshd.service

    to:

    Alias=sshd-external.service

  3. Now customize /etc/ssh/sshd_config_external to your needs (e.g. change Port 22 to Port 12345)

  4. enable the service

    sudo ln -s /lib/systemd/system/ssh-external.service /etc/systemd/system/sshd-external.service

    If you have run the above command then run sudo systemctl disable sshd-external.service before running the next command

    sudo systemctl enable sshd-external.service

    sudo service sshd-external start

This has been tested on Ubuntu 16.04 on real hardware and a virtual machine in virtualbox.

Let me know if this doesn't work. I've been known to make typos.

Solution 2:

Create another SSH service instance.

  1. Copy the SSH configuration file:

    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_external

  2. Copy the upstart configuration file:

    sudo cp /etc/init/ssh.conf /etc/init/ssh-external.conf

    In the new file (ssh-external.conf), change the line:

    mkdir -p -m0755 /var/run/sshd

    to:

    mkdir -p -m0755 /var/run/sshd-external

    And change the line:

    exec /usr/sbin/sshd -D

    to:

    exec /usr/sbin/sshd -D -f /etc/ssh/sshd_config_external

  3. Create the link to upstart:

    sudo ln -s /lib/init/upstart-job /etc/init.d/ssh-external

Now customize /etc/ssh/sshd_config_external to your needs (e.g. change Port 22 to Port 12345) and start the service:

sudo service ssh-external start

Related

Xfce - GUI for File Compression?
Custom font with dmenu
Do I have to use Thunderbird to get email notifications?
How to solve General error: 2006 MySQL server has gone away
How to refresh an Entity Framework Core DBContext?
MySQL Calculate Percentage
Retrofit2: Modifying request body in OkHttp Interceptor
How to convert Excel XLS to CSV using PHP
SequelizeConnectionError: self signed certificate
Debounce function in jQuery
Matching partial ids in BeautifulSoup
how to get the base url from jsp request object?