rdomain 中的 OpenBSD sshd

您可以使用 rc.d(8)、rcctl(8)、rc.subr(8) 编写自定义（通过调用route -T4）ssh 守护程序。

在 /etc/rc.conf 中禁用原始 sshd 并放入 /etc/rc.d/rdomainsshd。

/etc/rc.d/rdomainssshd 的模板脚本是：

/usr/ports/infrastructure/templates/rc.template

以下是 OpenBSD 手册页：

• https://man.openbsd.org/rc.d
• https://man.openbsd.org/rc.subr.8
• https://man.openbsd.org/rcctl.8

sshd_config(5)显示：

 ListenAddress
         Specifies the local addresses sshd(8) should listen on.  The
         following forms may be used:

               ListenAddress hostname|address [rdomain domain]
               ListenAddress hostname:port [rdomain domain]
               ListenAddress IPv4_address:port [rdomain domain]
               ListenAddress [hostname|address]:port [rdomain domain]

         The optional rdomain qualifier requests sshd(8) listen in an
         explicit routing domain.  If port is not specified, sshd will
         listen on the address and all Port options specified.  The
         default is to listen on all local addresses on the current
         default routing domain.  Multiple ListenAddress options are
         permitted.  For more information on routing domains, see
         rdomain(4).

因此，请确保您的 sshd 配置具有例如。ListenAddress 0.0.0.0 rdomain 1. 要创建 sshd 的实例，只需执行以下操作：

# ln -s sshd /etc/rc.d/sshd_rdomainX
# rcctl enable sshd_rdomainX
# rcctl set sshd_rdomainX flags -f /etc/ssh/sshd_config-rdomainX

要对其进行测试，请尝试：

mx1#  /usr/sbin/sshd -T -f /tmp/sshd_config  | grep listenaddress
listenaddress 0.0.0.0:22 rdomain 1
mx1# /usr/sbin/sshd -D -d -f /tmp/sshd_config                     
...
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-f'
debug1: rexec_argv[4]='/tmp/sshd_config'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22 rdomain 1.
...