> 4192 /usr/sbin/sftpd is likely unrelated to OpenSSH.
> I guess that this is a TLS FTP server.
> Try ps fax to see process relationships.
>
> The "sftpd:" prefix for the sshd processes may be related to SELinux;
> nothing in OpenSSH is called sftpd, except the "sftpd_t" SELinux context.
Sorry Peter, I should have explained this at once.
To have a clean separation of the standard sshd service on port 22 and our sftp server that listens on another port,
and both have and shall have really nothing to do with each other,
I created a new sshd instance named "sftpd":
/usr/sbin/sftpd is a symlink to /usr/sbin/sshd
Copied /etc/ssh/ and /etc/default/ssh to /etc/sftpd/ and /etc/default/sftpd
Copied /lib/systemd/system/ssh.service to /etc/systemd/system/sftpd.service
and replaced in the copy all occurrences of regex "sshd?" with sftpd
E.g.
[Service]
EnvironmentFile=-/etc/default/sftpd
ExecStartPre=/usr/sbin/sftpd -t
ExecStart=/usr/sbin/sftpd -D $SFTPD_OPTS -f /etc/sftpd/sftpd_config
Important for correct autostart of sftpd on boot is:
[Unit]
After=network.target auditd.service sshd.service
sftpd needs to be started after sshd, because only sshd creates /run/sshd/
and that is needed by sftpd (hard compiled in sshd).
Pitfall:
When stopping sshd, /run/sshd/ gets deleted and you get the following sftpd error:
fatal: Missing privilege separation directory: /run/sshd
and sftpd does not accept new connections anymore etc.
Here the ps fax output :)
12981 ? Ss 0:02 /usr/sbin/sftpd -D -f /etc/sftpd/sftpd_config
18846 ? Ss 0:00 \_ sftpd: sftp_nagios [priv]
18848 ? S 0:00 \_ sftpd: sftp_nagios@notty
18849 ? Ss 0:00 \_ sftpd: sftp_nagios@internal-sftp
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
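Two preflight checks for the setup described in the post above, written as an added example (not code from the post or from OpenSSH): one verifies the privilege separation directory the way sshd wants it (present, a directory, not group- or world-writable), the other verifies that the second instance's unit is ordered after the primary sshd unit. The directory path /run/sshd is taken from the error message in the post; the sample unit text is constructed to mirror the sftpd.service shown there.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenSSH.
# Preflight checks for a second sshd instance ("sftpd"): sshd hard-codes its
# privilege separation directory (/run/sshd, as in the error message above),
# and the primary ssh unit removes that directory when it stops.

# check_privsep_dir DIR : return 0 if DIR is a directory that is not group- or
# world-writable (the conditions sshd insists on), else print why and return 1.
check_privsep_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir missing; new sftpd sessions will fail with 'Missing privilege separation directory'"
        return 1
    fi
    perm=$(ls -ld "$dir" | cut -c1-10)   # e.g. drwxr-xr-x
    case "$perm" in
        ?????w*|????????w*)               # 6th char = group write, 9th = other write
            echo "FAIL: $dir is group- or world-writable ($perm)"; return 1 ;;
    esac
    return 0
}

# unit_value FILE KEY : print every value of KEY= in a systemd unit file
unit_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1"
}

# lint_sftpd_unit FILE : return 0 if the unit is ordered after the primary sshd
# unit (ssh.service on Debian, sshd.service elsewhere), else report and return 1.
lint_sftpd_unit() {
    after=$(unit_value "$1" After | tr '\n' ' ')
    case " $after " in
        *" ssh.service "*|*" sshd.service "*) return 0 ;;
    esac
    echo "FAIL: $1 has no After= on the primary sshd unit, so /run/sshd may not exist at boot"
    return 1
}

# sample_unit : constructed unit text mirroring the post's sftpd.service
sample_unit() {
    printf '[Unit]\nAfter=network.target auditd.service sshd.service\n\n'
    printf '[Service]\nExecStart=/usr/sbin/sftpd -D -f /etc/sftpd/sftpd_config\n'
}
```

Running `check_privsep_dir /run/sshd` before `systemctl restart sftpd` surfaces the pitfall from the post before the restart fails.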