How to do it...
First, we're going to make a copy of our initial configuration file:
[vagrant@centos2 ~]$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_2020
Then, we're going to make a couple of changes:
[vagrant@centos2 ~]$ sudo sed -i 's#\#Port 22#Port 2020#g' /etc/ssh/sshd_config_2020
[vagrant@centos2 ~]$ sudo sed -i 's#\#PidFile /var/run/sshd.pid#PidFile /var/run/sshd_2020.pid#g' /etc/ssh/sshd_config_2020
Now, we're going to copy our systemd unit file:
[vagrant@centos2 ~]$ sudo cp /usr/lib/systemd/system/sshd.service /etc/systemd/system/sshd_2020.service
Then, we're going to make some changes here:
[vagrant@centos2 ~]$ sudo sed -i 's#OpenSSH server daemon#OpenSSH server daemon on port 2020#g' /etc/systemd/system/sshd_2020.service
[vagrant@centos2 ~]$ sudo sed -i 's#EnvironmentFile=/etc/sysconfig/sshd#EnvironmentFile=/etc/sysconfig/sshd_2020#g' /etc/systemd/system/sshd_2020.service
Copy the old environment file to a new one:
[vagrant@centos2 ~]$ sudo cp /etc/sysconfig/sshd /etc/sysconfig/sshd_2020
Then, point this environment file to our new configuration file:
[vagrant@centos2 ~]$ sudo sed -i 's#OPTIONS="-u0"#OPTIONS="-u0 -f /etc/ssh/sshd_config_2020"#g' /etc/sysconfig/sshd_2020
Tell SELinux we're going to be running an SSH daemon on 2020:
[vagrant@centos2 ~]$ sudo semanage port -a -t ssh_port_t -p tcp 2020
Tell systemd we've made changes:
[vagrant@centos2 ~]$ sudo systemctl daemon-reload
Start and enable our second server:
[vagrant@centos2 ~]$ sudo systemctl enable sshd_2020
Created symlink from /etc/systemd/system/multi-user.target.wants/sshd_2020.service to /etc/systemd/system/sshd_2020.service.
[vagrant@centos2 ~]$ sudo systemctl start sshd_2020
Check it's running by SSH'ing from centos1:
[vagrant@centos1 ~]$ ssh 192.168.33.11
The authenticity of host '192.168.33.11 (192.168.33.11)' can't be established.
ECDSA key fingerprint is SHA256:I67oI3+08lhdO2ibnoC+z2hzYtvfi9NQAmGxyzxjsI8.
ECDSA key fingerprint is MD5:03:68:ed:a2:b5:5d:57:88:61:4e:86:28:c3:75:28:fa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.33.11' (ECDSA) to the list of known hosts.
vagrant@192.168.33.11's password:
Last login: Thu Aug 9 16:24:50 2018 from 10.0.2.2
[vagrant@centos2 ~]$ logout
Connection to 192.168.33.11 closed.
[vagrant@centos1 ~]$ ssh 192.168.33.11 -p2020
vagrant@192.168.33.11's password:
Last login: Thu Aug 9 16:40:55 2018 from 192.168.33.10
[vagrant@centos2 ~]$
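Remember when we were looking at host keys before? What we can see in the preceding output is that the port 22 server and the port 2020 server are sharing host keys, as we were only asked to accept them once. This follows from the copy: sshd_config_2020 differs from the original only in Port and PidFile, so both daemons load the same host key files.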
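The sed commands in this recipe exit successfully even when their pattern matches nothing, which would leave the copied files identical to the originals. The following check is an added example, not code from the book: it compares the two configurations for Port and PidFile collisions, confirms the environment file passes -f, and notes shared host keys. The function names are hypothetical and the sample files are constructed stand-ins for the real ones on centos2.

```sh
#!/bin/sh
# Added example (not from the book). sed exits 0 even when its pattern matches
# nothing, so verify the copied config really differs where it must.

# Print every active value of KEYWORD in an sshd_config file, or DEFAULT if
# the keyword is absent or commented out (keywords are case-insensitive).
sshd_values() {  # usage: sshd_values FILE KEYWORD DEFAULT
    awk -v kw="$2" -v def="$3" '
        tolower($1) == tolower(kw) { print $2; found = 1 }
        END { if (!found) print def }' "$1"
}

# Exit 0 if the two config files have any value of KEYWORD in common.
shares() {  # usage: shares FILE_A FILE_B KEYWORD DEFAULT
    other=$(sshd_values "$2" "$3" "$4")
    sshd_values "$1" "$3" "$4" | grep -Fxq -e "$other"
}

# Exit 0 if the second instance can run beside the first.
check_second_instance() {  # usage: ... MAIN_CFG SECOND_CFG ENV_FILE
    status=0
    if shares "$1" "$2" Port 22; then
        echo "FAIL: both configs listen on the same port"; status=1
    fi
    if shares "$1" "$2" PidFile /var/run/sshd.pid; then
        echo "FAIL: both configs write the same PidFile"; status=1
    fi
    if ! grep '^OPTIONS=' "$3" | grep -Fq -- "-f $2"; then
        echo "FAIL: $3 does not pass -f $2 to sshd"; status=1
    fi
    if shares "$1" "$2" HostKey default; then
        echo "NOTE: both instances present the same host key"
    fi
    return "$status"
}

# Constructed sample files standing in for the real ones on centos2.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'HostKey /etc/ssh/ssh_host_ecdsa_key' \
    '#PidFile /var/run/sshd.pid' > "$demo/sshd_config"
sed -e 's|^#Port 22|Port 2020|' \
    -e 's|^#PidFile /var/run/sshd.pid|PidFile /var/run/sshd_2020.pid|' \
    "$demo/sshd_config" > "$demo/sshd_config_2020"
cp "$demo/sshd_config" "$demo/sshd_config_noop"   # as if sed matched nothing
printf 'OPTIONS="-u0 -f %s"\n' "$demo/sshd_config_2020" > "$demo/sysconfig_2020"

check_second_instance "$demo/sshd_config" "$demo/sshd_config_2020" \
    "$demo/sysconfig_2020"
```

On the real host, the three arguments would be /etc/ssh/sshd_config, /etc/ssh/sshd_config_2020 and /etc/sysconfig/sshd_2020, run before starting sshd_2020.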