sshd_new_instance.sh

#!/bin/bash
#
#                                      |
#                                  ___/"\___
#                          __________/ o \__________
#                            (I) (G) \___/ (O) (R)
#                                Igor Oseledko
#                              igor@comradegeneral.com
#                                 2019-03-25
# ----------------------------------------------------------------------------
# Generate secondary SSHd service on CentOS 5 & 6
#
# CHANGE CONTROL
# ----------------------------------------------------------------------------
# 2019-03-25  igor  wrote this script
# ----------------------------------------------------------------------------

function func_configure() {
  confdir="/etc/ssh"
  echo -n "Name the new sshd instance: "
  read instance_name
  echo -n "Specify the port for sshd-${instance_name}: "
  read instance_port
  confile="${confdir}/sshd_config-${instance_name}"
  initdfile="/etc/rc.d/init.d/sshd-${instance_name}"
}

function func_validate() {
  re='^[0-9]+$'
  if [ -z "${instance_name}" ] || [ -z "${instance_port}" ]
  then
    echo "Invalid instance name or port: ${instance_name:-null}; ${instance_port:-null}. Exiting..."
    exit 1
  fi

  if ! [[ "${instance_port}" =~ ^[0-9]+$ ]]
  then
    echo "Invalid port: ${instance_port}. Exiting..."
    exit 1
  fi

  if [ ${instance_port} -lt 1 ] || [ ${instance_port} -gt 65535 ]
  then
    echo "Invalid port: ${instance_name}. Exiting..."
    exit 1
  fi

  if [ $(lsof -i :${instance_port} | wc -l) -gt 0 ]
  then
    echo "Port ${instance_port} is already in use. Exiting..."
    exit 1
  fi

  if [ -f "${confile}" ]
  then
    echo "Configuration file ${confile} already exists. Exiting..."
    exit 1
  fi
}

function func_config_do() {
  /bin/cp -p "${confdir}/sshd_config" "${confile}"
  sed -i "s@^#Port 22@Port ${instance_port}@g" "${confile}"
  sed -i "s@^#PidFile /var/run/sshd.pid@PidFile /var/run/sshd-${instance_name}.pid@g" "${confile}"
  ln -s /usr/sbin/sshd /usr/sbin/sshd-${instance_name}
  /bin/cp /etc/rc.d/init.d/sshd /etc/rc.d/init.d/sshd-${instance_name}
  sed -i "s@^# config: /etc/ssh/sshd_config@# config: /etc/ssh/sshd_config-${instance_name}@g" "${initdfile}"
  sed -i "s@^# pidfile: /var/run/sshd.pid@# pidfile: /var/run/sshd-${instance_name}.pid@g" "${initdfile}"
  sed -i "s@\[ -f /etc/sysconfig/sshd \] \&\& \. /etc/sysconfig/sshd@\[ -f /etc/sysconfig/sshd-${instance_name} \] \&\& . /etc/sysconfig/sshd-${instance_name}@g" "${initdfile}"
  sed -i "s@^prog=\"sshd\"@prog=\"sshd-${instance_name}\"@g" "${initdfile}"
  sed -i "s@^SSHD=/usr/sbin/sshd@SSHD=/usr/sbin/sshd-${instance_name}@g" "${initdfile}"
  sed -i "s@^PID_FILE=/var/run/sshd.pid@PID_FILE=/var/run/sshd-${instance_name}.pid@g" "${initdfile}"
  sed -i "s@\[ -f /etc/ssh/sshd_config \]@\[ -f /etc/ssh/sshd_config-${instance_name} \]@g" "${initdfile}"
  echo "OPTIONS=\"-f /etc/ssh/sshd_config-${instance_name}\"" > "/etc/sysconfig/sshd-${instance_name}"
  /bin/cp -p /etc/pam.d/sshd /etc/pam.d/sshd-${instance_name} 2>/dev/null
}

function func_iptables_add() {
  if [ $(/sbin/iptables -S | grep -Ec  "^-A INPUT.*(ACCEPT|DROP)") -gt 0 ]
  then
    /sbin/iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${instance_port} -j ACCEPT
    /sbin/service iptables save
  fi
}

function func_enable() {
  /sbin/chkconfig --add sshd-${instance_name}
  /sbin/service sshd restart
  /sbin/service sshd-${instance_name} start
  if [ $(lsof -i :${instance_port} | wc -l) -eq 0 ]
  then
    echo "Something didn't work. Exiting..."
    exit 1
  else
    echo "sshd-${instance_name} is active:"
    lsof -i :${instance_port}
  fi
}

# ----------------------------------------------------------------------------
# RUNTIME
# \(^_^)/                                      __|__
#                                     __|__ *---o0o---*
#                            __|__ *---o0o---*
#                         *---o0o---*
# ----------------------------------------------------------------------------
func_configure
func_validate
func_config_do
func_iptables_add
func_enable