rdomain 中的 OpenBSD sshd

Question 1

sshd_config(5)显示：

 ListenAddress
         Specifies the local addresses sshd(8) should listen on.  The
         following forms may be used:

               ListenAddress hostname|address [rdomain domain]
               ListenAddress hostname:port [rdomain domain]
               ListenAddress IPv4_address:port [rdomain domain]
               ListenAddress [hostname|address]:port [rdomain domain]

         The optional rdomain qualifier requests sshd(8) listen in an
         explicit routing domain.  If port is not specified, sshd will
         listen on the address and all Port options specified.  The
         default is to listen on all local addresses on the current
         default routing domain.  Multiple ListenAddress options are
         permitted.  For more information on routing domains, see
         rdomain(4).

因此请确保您的 sshd 配置有例如。ListenAddress 0.0.0.0 rdomain 1要创建 sshd 实例，只需执行以下操作：

# ln -s sshd /etc/rc.d/sshd_rdomainX
# rcctl enable sshd_rdomainX
# rcctl set sshd_rdomainX flags -f /etc/ssh/sshd_config-rdomainX

要测试它，请尝试：

mx1#  /usr/sbin/sshd -T -f /tmp/sshd_config  | grep listenaddress
listenaddress 0.0.0.0:22 rdomain 1
mx1# /usr/sbin/sshd -D -d -f /tmp/sshd_config                     
...
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-f'
debug1: rexec_argv[4]='/tmp/sshd_config'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22 rdomain 1.
...

Answer

sshd_config(5)显示：

 ListenAddress
         Specifies the local addresses sshd(8) should listen on.  The
         following forms may be used:

               ListenAddress hostname|address [rdomain domain]
               ListenAddress hostname:port [rdomain domain]
               ListenAddress IPv4_address:port [rdomain domain]
               ListenAddress [hostname|address]:port [rdomain domain]

         The optional rdomain qualifier requests sshd(8) listen in an
         explicit routing domain.  If port is not specified, sshd will
         listen on the address and all Port options specified.  The
         default is to listen on all local addresses on the current
         default routing domain.  Multiple ListenAddress options are
         permitted.  For more information on routing domains, see
         rdomain(4).

因此请确保您的 sshd 配置有例如。ListenAddress 0.0.0.0 rdomain 1要创建 sshd 实例，只需执行以下操作：

# ln -s sshd /etc/rc.d/sshd_rdomainX
# rcctl enable sshd_rdomainX
# rcctl set sshd_rdomainX flags -f /etc/ssh/sshd_config-rdomainX

要测试它，请尝试：

mx1#  /usr/sbin/sshd -T -f /tmp/sshd_config  | grep listenaddress
listenaddress 0.0.0.0:22 rdomain 1
mx1# /usr/sbin/sshd -D -d -f /tmp/sshd_config                     
...
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-f'
debug1: rexec_argv[4]='/tmp/sshd_config'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22 rdomain 1.
...

Question 2

route -T4您可以使用 rc.d(8)、rcctl(8)、rc.subr(8)编写定制的（通过调用）ssh 守护进程。

在 /etc/rc.conf 中禁用原始 sshd，并将 /etc/rc.d/rdomainsshd 放入。

/etc/rc.d/rdomainssshd 的模板脚本是：

/usr/ports/infrastructure/templates/rc.template

以下是 OpenBSD 手册页：

Answer