> -----Original Message-----
> From: John Gallagher [mailto:john.gallagher@xxxxxxxxxxxxxx]
>
> Part of my original post was that I ran this on FC1.
> Actually it is running on FC1, however the same behavior can
> be seen if you use the service command to start/stop one
> of the processes. Apparently because the last process
> started becomes the PID, the start, stop function of the init
> script can affect both processes.
>
> /var/run/sshd.pid
>     Contains the process ID of the sshd listening for connections (if
>     there are several daemons running concurrently for different
>     ports, this contains the process ID of the one started last).
>     The content of this file is not sensitive; it can be
>     world-readable.
>
> Does anyone know of a way to change that behavior short of
> compiling another binary that uses another PID?

I did some more research on this issue and figured out a workaround to the problem above. I thought (incorrectly) that you could define the PID file in the init script because it has a variable for it:

    PID_FILE=/var/run/sshd.pid

It turns out that the init script never sources this variable for any purpose. The man page of sshd_config indicated that you could add this option to change the default pid file.

    PIDFILE /var/run/sshd-ext.pid

This in fact created a new PID, however the init script would still kill this process. I am not a shell scripting expert but my guess is that it was killing it because it is doing a killproc on $SSHD -TERM where $SSHD is the path to the executable /usr/sbin/sshd.

    {
        echo -n $"Stopping $prog: "
        if [ -n "`pidfileofproc $SSHD`" ] ; then
            killproc $SSHD -TERM
        else
            failure $"Stopping $prog"
        fi
        RETVAL=$?
        [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
        echo
    }

To get it working I needed to do the following:

Copy the binary in /usr/sbin/sshd to /usr/sbin/sshd-ext
Copy /etc/pam.d/sshd to /etc/pam.d/sshd-ext
Modify the init script by replacing sshd with sshd-ext:

    #!/bin/bash
    #
    # Init file for OpenSSH server daemon
    #
    # chkconfig: 2345 55 25
    # description: OpenSSH server daemon
    #
    # processname: sshd-ext
    # config: /etc/ssh/ssh_host_key
    # config: /etc/ssh/ssh_host_key.pub
    # config: /etc/ssh/ssh_random_seed
    # config: /etc/ssh/sshd_config-ext
    # pidfile: /var/run/sshd-ext.pid

    # source function library
    . /etc/rc.d/init.d/functions

    # pull in sysconfig settings
    [ -f /etc/sysconfig/sshd-ext ] && . /etc/sysconfig/sshd-ext

    RETVAL=0
    prog="sshd-ext"

    # Some functions to make the below more readable
    KEYGEN=/usr/bin/ssh-keygen
    SSHD=/usr/sbin/sshd-ext
    RSA1_KEY=/etc/ssh/ssh_host_key
    RSA_KEY=/etc/ssh/ssh_host_rsa_key
    DSA_KEY=/etc/ssh/ssh_host_dsa_key
    PID_FILE=/var/run/sshd-ext.pid

    do_rsa1_keygen() {
        if [ ! -s $RSA1_KEY ]; then
            echo -n $"Generating SSH1 RSA host key: "
            if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
                chmod 600 $RSA1_KEY
                chmod 644 $RSA1_KEY.pub
                if [ -x /sbin/restorecon ]; then
                    /sbin/restorecon $RSA1_KEY.pub
                fi
                success $"RSA1 key generation"
                echo
            else
                failure $"RSA1 key generation"
                echo
                exit 1
            fi
        fi
    }

    do_rsa_keygen() {
        if [ ! -s $RSA_KEY ]; then
            echo -n $"Generating SSH2 RSA host key: "
            if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
                chmod 600 $RSA_KEY
                chmod 644 $RSA_KEY.pub
                if [ -x /sbin/restorecon ]; then
                    /sbin/restorecon $RSA_KEY.pub
                fi
                success $"RSA key generation"
                echo
            else
                failure $"RSA key generation"
                echo
                exit 1
            fi
        fi
    }

    do_dsa_keygen() {
        if [ ! -s $DSA_KEY ]; then
            echo -n $"Generating SSH2 DSA host key: "
            if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
                chmod 600 $DSA_KEY
                chmod 644 $DSA_KEY.pub
                if [ -x /sbin/restorecon ]; then
                    /sbin/restorecon $DSA_KEY.pub
                fi
                success $"DSA key generation"
                echo
            else
                failure $"DSA key generation"
                echo
                exit 1
            fi
        fi
    }

    do_restart_sanity_check() {
        $SSHD -t
        RETVAL=$?
        if [ ! "$RETVAL" = 0 ]; then
            failure $"Configuration file or keys are invalid"
            echo
        fi
    }

    start() {
        # Create keys if necessary
        do_rsa1_keygen
        do_rsa_keygen
        do_dsa_keygen

        echo -n $"Starting $prog: "
        $SSHD $OPTIONS && success || failure
        RETVAL=$?
        [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd-ext
        echo
    }

    stop() {
        echo -n $"Stopping $prog: "
        if [ -n "`pidfileofproc $SSHD`" ] ; then
            killproc $SSHD -TERM
        else
            failure $"Stopping $prog"
        fi
        RETVAL=$?
        [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd-ext
        echo
    }

    reload() {
        echo -n $"Reloading $prog: "
        if [ -n "`pidfileofproc $SSHD`" ] ; then
            killproc $SSHD -HUP
        else
            failure $"Reloading $prog"
        fi
        RETVAL=$?
        echo
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            stop
            start
            ;;
        reload)
            reload
            ;;
        condrestart)
            if [ -f /var/lock/subsys/sshd-ext ] ; then
                do_restart_sanity_check
                if [ "$RETVAL" = 0 ] ; then
                    stop
                    # avoid race
                    sleep 3
                    start
                fi
            fi
            ;;
        status)
            status $SSHD
            RETVAL=$?
            ;;
        *)
            echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
            RETVAL=1
    esac
    exit $RETVAL
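
The following is an added example, not part of the original message or of the Red Hat init scripts: a stop routine that signals only the PID recorded in a given pid file, so two daemons started from the same binary can be stopped independently. The helper name stop_by_pidfile and its arguments are hypothetical, and the executable check assumes a Linux /proc.

```shell
#!/bin/sh
# Added example: stop_by_pidfile is a hypothetical helper, not part of
# /etc/rc.d/init.d/functions.
# usage: stop_by_pidfile PIDFILE [EXPECTED_EXE]
stop_by_pidfile() {
    pidfile=$1
    expected_exe=${2:-}

    if [ ! -r "$pidfile" ]; then
        echo "stop_by_pidfile: cannot read $pidfile" >&2
        return 1
    fi

    # Take the first line only; tolerate a missing trailing newline.
    pid=
    read -r pid < "$pidfile" || true

    # Accept only a plain positive integer, so an empty or tampered file
    # can never become "kill 0" (whole process group) or "kill -1".
    case $pid in
        ''|0*|*[!0-9]*)
            echo "stop_by_pidfile: malformed pid in $pidfile" >&2
            return 1
            ;;
    esac

    # Stale pid file: nothing we may signal has that pid any more.
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "stop_by_pidfile: pid $pid is not running" >&2
        return 1
    fi

    # Guard against pid reuse: when an executable path is given, the
    # process must be running exactly that binary (Linux /proc). This
    # fails closed if the link cannot be read.
    if [ -n "$expected_exe" ]; then
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || exe=
        if [ "$exe" != "$expected_exe" ]; then
            echo "stop_by_pidfile: pid $pid is not $expected_exe" >&2
            return 1
        fi
    fi

    # Signal that one process; other instances are untouched.
    kill -TERM "$pid"
}
```

With the PidFile setting from the message in place, a stop() function could call `stop_by_pidfile /var/run/sshd-ext.pid /usr/sbin/sshd` and leave the daemon recorded in /var/run/sshd.pid running.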