Using CA AppLogic® › Appliance Developer Guide › Appliance Kit › Appliance Cookbook › Creating a VPS Template › Setting up two SSH server instances

Setting up two SSH server instances

In this step we set up a secondary SSH sever, so that the VPS is accessible both to the client that rents it, and to the provider of the VPS (as well as to administrators of the grid itself), while each SSH instance maintains its own configuration and changes to it do not interfere with the operation of the other instance. The primary SSH instance, as configured by the OS install is left for use by the VPS users and is configurable by them. The secondary instance is dedicated to access from the grid, for the VPS provider / administrator.

Note that the actual setup may vary with OS type and SSH server version. The examples here assume the OS is unix-style and the server is OpenSSH.

The two instances of the SSH server can be configured with different security settings, to match specific needs of the VPS user.

1. Copy the configuration of sshd into a new sub-directory, for example:
   mkdir /etc/ssh_grid
   cp /etc/ssh/sshd_config /etc/ssh_grid
2. Edit the original configuration file (/etc/ssh/sshd_config) and:
   • remove all ListenAddress directives, if any
   • add the following lines to the configuration file (with no empty lines between them):
     # $$propN: 1111:primary_ip
     ListenAddress 1111
3. Edit the copied configuration file (/etc/ssh_grid/sshd_config) and make the following changes:
   • disable reverse DNS lookups:
     UseDNS no (or LookupClientHostnames no on some SSH implementations)
   • disable password logins:
     PasswordAuthentication no
   • allow root login (with key only):
     PermitRootLogin without-password
   • set a custom key file name, which works only for root:
     AuthorizedKeysFile /root/.ssh/alt_authorized_keys
   • disable GSSAPI authentication (cannot be used from the CA AppLogic® controller):
     GSSAPIAuthentication no
   • remove all ListenAddress options
4. Create a new auto-start script for the second ssh server, with the following commands in it:
   # get service IP address
   f=/var/run/applogic/appliance.desc
   p=instance:`udlparse elst $f instance`/interface:default
   addr=`udlparse get $f $p/ip`
   
   # start ssh daemon
   sshd -f /etc/ssh_grid/sshd_config -o ListenAddress=$addr