Setting up an SSHD failover daemon

Tune your SSH daemon as usual e.g.

cd /etc/ssh/
mv -i sshd_config sshd_config.dist
sed '/^#/d; /^$/d' sshd_config.dist > sshd_config
vi sshd_config

Port XXX
#AddressFamily inet
#ListenAddress x.x.x.x
AllowGroups wheel
PermitRootLogin without-password
PasswordAuthentication no
StrictModes yes
X11Forwarding no
UsePam no

Create a failover config with other PORT and PID,

cp -pi sshd_config sshd_config.failover
vi  sshd_config.failover

Port ALT_PORT
PidFile /var/run/sshd.failover.pid

Open ALT_PORT to listen on the network interface (CentOS7+ example),

firewall-cmd --zone=public --add-port=ALT_PORT/tcp --permanent

Start the daemon,

ls -lhF /var/run/sshd*
/usr/sbin/sshd -f /etc/ssh/sshd_config.failover
ps aux | grep failover
netstat -antupe --inet --inet6 | grep ALT_PORT

and enable it at startup (rc.local still works on CentOS7),

cd /etc/
cp -pi rc.local rc.local.dist
vi rc.local

echo -n starting a failover ssh daemon...
/usr/sbin/sshd -f /etc/ssh/sshd_config.failover && echo done

#no need to make it executable