I'm currently running two instances of ssh, but I just duplicated the
whole SMF service because I didn't know any better at the time, and
while it works, using instances sounds preferable.  It looks like in
your patch, though, you didn't make PIDFILE unique so it will be
clobbered by multiple instances (I suppose the services will start
up ok but only one will get killed correctly if you try stopping
them).

Chad

On Wed, Sep 05, 2012 at 02:38:46AM +0200, Darren Reed wrote:
> So far as I can tell, the ssh service that runs sshd does not elegantly
> support multiple instances of ssh on a single host. With SMF, it should
> be as simple as creating another instance of svc:/network/ssh, setting
> the config file to something different and progressing from there.
> Presently it is not that simple.
> 
> Before I submit a bug (with the patch below), I'm curious if any others
> have looked at solving this problem or if they've got thoughts on how it
> should be solved.
> 
> Cheers,
> Darren
> 
> --- sshd.orig   Wed Sep  5 09:56:35 2012
> +++ sshd        Wed Sep  5 10:02:36 2012
> @@ -1,13 +1,20 @@
>  #!/sbin/sh
>  #
>  # Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
> +# Copyrigth 2012 Darren Reed. All rights reserved.
>  # Use is subject to license terms.
>  #
>  # ident        "@(#)sshd       1.4     04/11/17 SMI"
> 
> -SSHDIR=/etc/ssh
>  KEYGEN="/usr/bin/ssh-keygen -q"
>  PIDFILE=/var/run/sshd.pid
> +ENTITIES=`svcprop -c -p config_data/entities ${FMRI} 2>/dev/null`
> +if [ -n "$ENTITIES" ] ; then
> +       SSHDCONFIG=`expr "${ENTITIES}" : '[^/]*/[^/]*/[^/]*\(.*\)'`
> +else
> +       SSHDCONFIG=/etc/ssh/sshd_config
> +fi
> +SSHDIR=`dirname "$SSHDCONFIG"`
> 
>  # Checks to see if RSA, and DSA host keys are available
>  # if any of these keys are not present, the respective keys are
>  created.
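
Review bot: ${FMRI} on the added ENTITIES line is not assigned anywhere in the visible part of the script, and SMF passes the instance name to a method as SMF_FMRI. Unless FMRI is set elsewhere, svcprop is run without an instance, its error is discarded by 2>/dev/null, and every instance falls back to /etc/ssh/sshd_config. Suggest using ${SMF_FMRI} and reporting a failed config_data/entities lookup instead of silently starting a second instance on the default config. Also, "Copyrigth" in the added header line should be "Copyright".
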
> @@ -17,10 +24,10 @@
>         keytype=$2
> 
>         if [ ! -f $keypath ]; then
> -               grep "^HostKey $keypath" $SSHDIR/sshd_config > /dev/null
> 2>&1
> +               grep "^HostKey $keypath" "$SSHDCONFIG" > /dev/null 2>&1
>                 if [ $? -eq 0 ]; then
>                         echo Creating new $keytype public/private host
>                         key pair
> -                       $KEYGEN -f $keypath -t $keytype -N ''
> +                       $KEYGEN -f "$keypath" -t "$keytype" -N ''
>                         return $?
>                 fi
>         fi
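
Review bot: the quoting added to the $KEYGEN call is not carried through to the unchanged test `[ ! -f $keypath ]` at the top of this hunk, so a key path containing whitespace now reaches ssh-keygen intact but still breaks the existence check that guards it. Suggest quoting "$keypath" there as well. The grep pattern "^HostKey $keypath" also uses the path as an unanchored regular expression, so it matches any longer HostKey path sharing that prefix; anchoring the end of the pattern would make the check exact.
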
> @@ -38,8 +45,10 @@
>  case $1 in
>         # sysidconfig/sys-unconfig arguments (-c and -u)
>  '-c')
> -       create_key $SSHDIR/ssh_host_rsa_key rsa
> -       create_key $SSHDIR/ssh_host_dsa_key dsa
> +       for keyfile in `awk '/^HostKey/ { print $2; } ' "$SSHD_CONFIG"`;
> do
> +               type=`expr "$keyfile" : '.*_\([rd]sa\)_.*'`
> +               create_key "$keyfile" "$type"
> +       done
>         ;;
> 
>  '-u')
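
Review bot: the awk call in the '-c' branch reads "$SSHD_CONFIG", but the variable set at the top of the script is SSHDCONFIG, so the loop is handed an empty file name and never sees the HostKey lines. Suggest changing it to "$SSHDCONFIG". Separately, the expr pattern '.*_\([rd]sa\)_.*' yields an empty type for any HostKey path that does not contain _rsa_ or _dsa_, and create_key is then called with an empty key type; such entries should be skipped or reported.
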
> @@ -50,12 +59,12 @@
> 
>         # SMF arguments (start and restart [really "refresh"])
>  'start')
> -       /usr/lib/ssh/sshd
> +       /usr/lib/ssh/sshd -f "$SSHDCONFIG"
>         ;;
> 
>  'restart')
>         if [ -f "$PIDFILE" ]; then
> -               /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
> +               /usr/bin/kill -HUP `/usr/bin/cat "$PIDFILE"`
>         fi
>         ;;
> 
> 
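
Review bot: 'start' now selects a per-instance config with -f "$SSHDCONFIG", but 'restart' still reads the single PIDFILE=/var/run/sshd.pid set at the top of the script, so with two instances the HUP goes to whichever sshd wrote that file last. Suggest deriving PIDFILE per instance alongside SSHDCONFIG so that each instance signals its own daemon.
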
> -------------------------------------------
> illumos-discuss
> Archives: https://www.listbox.com/member/archive/182180/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175466-b92566e8
> Modify Your Subscription: https://www.listbox.com/member/?&;
> Powered by Listbox: http://www.listbox.com

