I have port 22 open towards one device, allowing me to log on. I have multiple other devices that also run SSH, but I do not want them available over the internet. This is fine as long as you do nothing in your port forwarding.
But as I wrote in a previous post: I need SSH for my RSYNC backup. This cannot run on port 22, as the device where port 22 is open is not the device that is the target of the RSYNC job.
So we configure openmediavault (4.x) to run two SSH instances, the second on a different port with a different configuration.
The 2nd instance allows only a login with public key. All other logins are disabled.
Simple steps:
cp /lib/systemd/system/ssh.service /etc/systemd/system/sshdrsync.service
I modified one part of the target file:
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_rsync_config $SSHD_OPTS
Then I copied the standard SSH config from OMV to sshd_rsync_config, where I changed the port to the one this instance needs to run on.
You can find these files in /etc/ssh.
Please note that my SSH config file already had the include part about the public key (where to find it).
Then two commands:
systemctl enable sshdrsync.service
systemctl start sshdrsync.service
Ready, set, go: about 10 minutes of work. (Testing is simple: ssh to the new port, and the login will tell you that it only allows public key.)
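A way to check the copied config before starting the second instance, as an added example that is not part of the original post: the script below reports whether a config file really is key-only and off port 22. The function names, the sample configs and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the second sshd instance's config file.
# Limits (assumptions of this sketch): only "Keyword value" lines are read,
# Include files are not followed, and parsing stops at the first Match block.

# first_value FILE KEYWORD: print the first value given for KEYWORD.
# sshd keeps the first value it sees for a keyword, so later lines are ignored.
first_value() {
    awk -v k="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$1"
}

# audit_rsync_sshd FILE: return 0 only if the instance is key-only and off port 22.
audit_rsync_sshd() {
    cfg=$1; rc=0
    port=$(first_value "$cfg" Port)
    if [ -z "$port" ] || [ "$port" = 22 ]; then
        echo "FAIL: Port is unset or 22 (clashes with the main sshd)"; rc=1
    fi
    # Absent means "yes" for both in OpenSSH, so demand an explicit "no".
    # (Newer OpenSSH names the second one KbdInteractiveAuthentication.)
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        [ "$(first_value "$cfg" "$kw")" = no ] || { echo "FAIL: $kw is not 'no'"; rc=1; }
    done
    [ "$(first_value "$cfg" PubkeyAuthentication)" != no ] ||
        { echo "FAIL: PubkeyAuthentication is 'no'"; rc=1; }
    return "$rc"
}

# Constructed sample configs (port 2222 is a placeholder, not from the post).
tmp=$(mktemp -d)
printf '%s\n' 'Port 2222' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' > "$tmp/good"
# Only the port was changed; password login is still on by default.
printf '%s\n' '# copied from sshd_config' 'Port 2222' \
    'PubkeyAuthentication yes' > "$tmp/port_only"

audit_rsync_sshd "$tmp/good" && echo "good: key-only instance"
audit_rsync_sshd "$tmp/port_only" || echo "port_only: still accepts passwords"
```

On the device itself, `sshd -T -f /etc/ssh/sshd_rsync_config` prints the effective settings sshd will use, which also covers Include files and defaults this sketch does not resolve.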