Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS

Hildegard Meier daku8938 at
Thu Sep 30 15:43:19 AEST 2021

> 4192 /usr/sbin/sftpd is likely unrelated to OpenSSH.
> I guess that this is a TLS FTP server.
> Try  ps fax  to see process relationships.
> The "sftpd:" prefix for the sshd processes may be related to SELinux;
> nothing in OpenSSH is called sftpd, except the "sftpd_t" SELinux context.

Sorry Peter I should have explained this at once.

To have a clean seperation of the standard sshd service on port 22 and our sftp server that listens on another port,
and both have and shall have really nothing to do which each other,
I created a new sshd instance named "sftpd":

/usr/sbin/sftpd is a symlink to /usr/sbin/sshd

Copied /etc/ssh/ and /etc/default/ssh to /etc/sftpd/ and /etc/default/sftpd

Copied /lib/systemd/system/ssh.service to /etc/systemd/system/sftpd.service

end replaced in the copy all occurences of regex "sshd?" with sftpd


ExecStartPre=/usr/sbin/sftpd -t
ExecStart=/usr/sbin/sftpd -D $SFTPD_OPTS -f /etc/sftpd/sftpd_config

Important for correct autostart of sftpd on boot is:
[Unit] auditd.service sshd.service

Because sftpd needs to be started after sshd because only sshd creates /run/sshd/
and that is needed by sftpd (hard compiled in sshd).

When stopping sshd /run/sshd/ gets deleted and you get the following sftpd error:
fatal: Missing privilege separation directory: /run/sshd
and sftpd does not accept new connections anymore etc.

Here ps fax output :)

12981 ?        Ss     0:02 /usr/sbin/sftpd -D -f /etc/sftpd/sftpd_config
18846 ?        Ss     0:00  \_ sftpd: sftp_nagios [priv]
18848 ?        S      0:00      \_ sftpd: sftp_nagios at notty
18849 ?        Ss     0:00          \_ sftpd: sftp_nagios at internal-sftp

More information about the openssh-unix-dev mailing list