Setting up an SSHD failover daemon in Ubuntu

This post shows how to set up a secondary (failover/redundant) SSH daemon on Ubuntu. It assumes you already have SSHD running.

This works with Ubuntu releases 16.04, 16.10 and 17.04.

  1. Copy the existing sshd config file to a failover config file:
    # cd /etc/ssh
    # cp sshd_config sshd_config.failover
  2. Edit the sshd_config.failover config file:
    • Change Port from default to ALT_PORT, for example from:
      Port 22
      to
      Port 1234
    • Uncomment PidFile and change it from
      #PidFile /var/run/sshd.pid
      to
      PidFile /var/run/sshd.failover.pid
  3. If you have a firewall installed, allow inbound TCP connections to the ALT_PORT. For example, using iptables:
    # iptables -A INPUT -p tcp -m tcp --dport 1234 -j ACCEPT
    Change 1234 to match your assigned ALT_PORT.
  4. Create a new startup script for the failover daemon:
    # cd /lib/systemd/system
    # cp ssh.service sshd.failover.service
  5. Edit the sshd.failover.service file:
    • Change ExecStart from
      ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
      to
      ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd_config.failover
    • Change Alias from
      Alias=sshd.service
      to
      Alias=sshd.failover.service
  6. Enable and start the new SSHD failover service:
    # systemctl enable sshd.failover
    # systemctl start sshd.failover
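
A pre-flight check for step 2, added here as an example and not part of the original post: it confirms that the failover config does not share a Port or PidFile with the primary before the service is enabled. The function names `directive` and `check_failover_conf` are hypothetical, the default PidFile is assumed from the commented-out line shown in step 2, and the sample configs are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: check that sshd_config.failover
# does not collide with the primary config on Port or PidFile.
# Simplification: only "Keyword value" lines are parsed; Match blocks,
# Include files and the "Keyword=value" form are not handled.

# Default pid file, taken from the commented-out line shown in step 2.
DEFAULT_PID=/var/run/sshd.pid

# Print every value of one directive. Keywords are case-insensitive and
# commented-out lines are skipped; print the default if it is never set.
directive() {  # usage: directive FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        tolower($1) == tolower(key) { print $2; found = 1 }
        END { if (!found) print def }' "$1"
}

# Return 0 if both configs can run side by side, 1 on a collision.
check_failover_conf() {  # usage: check_failover_conf PRIMARY FAILOVER
    rc=0
    for port in $(directive "$2" Port 22); do
        if directive "$1" Port 22 | grep -qxF "$port"; then
            echo "collision: both daemons listen on port $port" >&2
            rc=1
        fi
    done
    # sshd uses the first PidFile it reads, hence head -n 1.
    pid_a=$(directive "$1" PidFile "$DEFAULT_PID" | head -n 1)
    pid_b=$(directive "$2" PidFile "$DEFAULT_PID" | head -n 1)
    if [ "$pid_a" = "$pid_b" ]; then
        echo "collision: both daemons write $pid_a" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample input: the failover copy changed Port but left PidFile
# commented out, so both daemons would fall back to the same pid file.
demo=$(mktemp -d)
printf 'Port 22\n#PidFile /var/run/sshd.pid\n' > "$demo/sshd_config"
printf 'Port 1234\n#PidFile /var/run/sshd.pid\n' > "$demo/sshd_config.failover"
if check_failover_conf "$demo/sshd_config" "$demo/sshd_config.failover"; then
    echo "ok: the two configs do not collide"
else
    echo "fix sshd_config.failover before enabling the service"
fi
rm -rf "$demo"
```

On the real host, call `check_failover_conf /etc/ssh/sshd_config /etc/ssh/sshd_config.failover`, then run `sshd -t -f /etc/ssh/sshd_config.failover` so sshd itself validates the file before step 6.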