debian: run a separate sshd in mgmt VRF
Leave the default sshd alone. If ssh is not necessary in default VRF, another role should disable it.
This commit is contained in:
parent
c9479cc786
commit
5da50c14f9
4 changed files with 45 additions and 19 deletions
16
roles/debian/files/sshd@mgmt.service
Normal file
16
roles/debian/files/sshd@mgmt.service
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
[Unit]
|
||||
Description=OpenBSD Secure Shell server (management VRF)
|
||||
After=network.target auditd.service
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/usr/sbin/sshd -t
|
||||
ExecStart=ip vrf exec mgmt /usr/sbin/sshd -f /etc/ssh/sshd_config.mgmt
|
||||
ExecReload=/usr/sbin/sshd -t
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
RestartPreventExitStatus=255
|
||||
Type=notify
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Add table
Add a link
Reference in a new issue