RE: jail and networking
On Thu, 21 Feb 2013, Shane Ambler wrote:

> On 22/02/2013 05:52, Devin Teske wrote:
>
>> What I find strange is that:
>>
>> 1. I knew about ListenAddress w/respect to jails, but...
>>
>> 2. We are not changing it (sshd_config has no ListenAddress -- leading to
>> default values used), yet...
>>
>> 3. Base machine and jails both work fine
>>
>> Not sure when it's required versus not, because we're running fine without
>> that change here with over a dozen jails.
>>
>> The only thing I've ever noticed is that we tend to use
>> jail_NAME_ip="iface|addr" while most everybody else seems to be using
>> jail_NAME_ip="addr".
>
> We may need to expand out from that. I use jail_NAME_ip="addr" but also
>
> ipv4_addrs_re0="10.0.0.254/24 10.0.0.1-5/24"
> route_jaillan0="-net 10.0.0.0/24 10.0.0.254"
> static_routes="jaillan0"
>
> Don't recall where I got that from but think it was an easy way to alias
> a number of ip's whereas ifconfig__alias0 sets one ip at a time
> and is also deprecated.
>
> If you use jail_NAME_ip="iface|addr" does this mean you don't have ip
> addresses aliased to the iface on startup and they get aliased as the
> jail starts? That would be why sshd isn't bound to the address before.

Correct, and this was my leading theory.

> man rc.conf for jail__ip says "... Additionally each address can
> be prefixed by the name of an interface followed by a pipe to overwrite"
> does that mean it clears the ip from the base system and re-creates it
> for the jail?

Dunno -- I first learned about "iface|addr" from reading the code. It did what I wanted _and_ improved the clarity/readability of rc.conf(5) in the case of multiple jails utilizing separate interfaces on similar subnets. Thus, it was embraced.

> I also see jail__interface "...When set, sets the interface to
> use when setting IP address alias. Note that the alias is created at
> jail startup and removed at jail shutdown."

Never used that setting before.

> Which is what sounds like the solution to not have ip's available when
> sshd starts so it isn't bound to them.

Right-o.

> Also what sys version were these options added?

I would guess 8.x as we're using iface|addr in 8.1 (as previously mentioned, not using jail__interface -- dunno about that one).

The following URLs might be of assistance in tracking down the origins of various options:

http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/jail
http://svnweb.freebsd.org/base/head/etc/rc.d/jail

--
Devin

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: jail and networking
On 22/02/2013 05:52, Devin Teske wrote:

> What I find strange is that:
>
> 1. I knew about ListenAddress w/respect to jails, but...
>
> 2. We are not changing it (sshd_config has no ListenAddress -- leading to
> default values used), yet...
>
> 3. Base machine and jails both work fine
>
> Not sure when it's required versus not, because we're running fine without
> that change here with over a dozen jails.
>
> The only thing I've ever noticed is that we tend to use
> jail_NAME_ip="iface|addr" while most everybody else seems to be using
> jail_NAME_ip="addr".

We may need to expand out from that. I use jail_NAME_ip="addr" but also

ipv4_addrs_re0="10.0.0.254/24 10.0.0.1-5/24"
route_jaillan0="-net 10.0.0.0/24 10.0.0.254"
static_routes="jaillan0"

Don't recall where I got that from but think it was an easy way to alias a number of ip's whereas ifconfig__alias0 sets one ip at a time and is also deprecated.

If you use jail_NAME_ip="iface|addr" does this mean you don't have ip addresses aliased to the iface on startup and they get aliased as the jail starts? That would be why sshd isn't bound to the address before.

man rc.conf for jail__ip says "... Additionally each address can be prefixed by the name of an interface followed by a pipe to overwrite" does that mean it clears the ip from the base system and re-creates it for the jail?

I also see jail__interface "...When set, sets the interface to use when setting IP address alias. Note that the alias is created at jail startup and removed at jail shutdown."

Which is what sounds like the solution to not have ip's available when sshd starts so it isn't bound to them.

Also what sys version were these options added?
RE: jail and networking
> -Original Message-
> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of d...@safeport.com
> Sent: Thursday, February 21, 2013 11:00 AM
> To: Shane Ambler
> Cc: freebsd-questions@freebsd.org; Bernt Hansson
> Subject: Re: jail and networking
>
> On Thu, 21 Feb 2013, Shane Ambler wrote:
>
>> It's been a while since I experimented with jails but I'm pretty sure it is
>> the reason I changed my sshd_config
>>
>> When you start sshd on the base system by default it binds against 0.0.0.0
>> and :: which is every ip4 and ip6 address configured on the base system,
>> which includes the aliased ip's for your jails. This is represented by the
>> *:22 from sockstat. When you start the jail it can't start sshd because the
>> base already has that address/port in use.
>>
>> In /etc/ssh/sshd_config comment out the ListenAddress 0.0.0.0 and
>> ListenAddress :: then add ListenAddress 10.0.0.3
>>
>> service sshd restart
>>
>> start your jail and try again
>>
>> The jail config is fine as the jail only sees the one ip address assigned to
>> it.
>
> This is what fixed the problem. From the jail man page, "... The following
> frequently deployed services must have their individual configuration files
> modified to limit the application to listening to a specific IP address ...". It
> then specifically mentions ssh and send mail.
>
> The system I looked at runs seven jails fine without my having made that change.
> I am not sure why I am getting away with this, but I also thank you

What I find strange is that:

1. I knew about ListenAddress w/respect to jails, but...

2. We are not changing it (sshd_config has no ListenAddress -- leading to default values used), yet...

3. Base machine and jails both work fine

Not sure when it's required versus not, because we're running fine without that change here with over a dozen jails.

The only thing I've ever noticed is that we tend to use jail_NAME_ip="iface|addr" while most everybody else seems to be using jail_NAME_ip="addr".

--
Devin
Re: jail and networking
On Thu, 21 Feb 2013, Shane Ambler wrote:

> It's been a while since I experimented with jails but I'm pretty sure it is
> the reason I changed my sshd_config
>
> When you start sshd on the base system by default it binds against 0.0.0.0
> and :: which is every ip4 and ip6 address configured on the base system,
> which includes the aliased ip's for your jails. This is represented by the
> *:22 from sockstat. When you start the jail it can't start sshd because the
> base already has that address/port in use.
>
> In /etc/ssh/sshd_config comment out the ListenAddress 0.0.0.0 and
> ListenAddress :: then add ListenAddress 10.0.0.3
>
> service sshd restart
>
> start your jail and try again
>
> The jail config is fine as the jail only sees the one ip address assigned to
> it.

This is what fixed the problem. From the jail man page, "... The following frequently deployed services must have their individual configuration files modified to limit the application to listening to a specific IP address ...". It then specifically mentions ssh and send mail.

The system I looked at runs seven jails fine without my having made that change. I am not sure why I am getting away with this, but I also thank you
Re: jail and networking
It's been a while since I experimented with jails but I'm pretty sure it is the reason I changed my sshd_config

When you start sshd on the base system by default it binds against 0.0.0.0 and :: which is every ip4 and ip6 address configured on the base system, which includes the aliased ip's for your jails. This is represented by the *:22 from sockstat. When you start the jail it can't start sshd because the base already has that address/port in use.

In /etc/ssh/sshd_config comment out the ListenAddress 0.0.0.0 and ListenAddress :: then add ListenAddress 10.0.0.3

service sshd restart

start your jail and try again

The jail config is fine as the jail only sees the one ip address assigned to it.
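The host-side check discussed in this thread (`sockstat | grep :22`), as an added example that is not part of any poster's message: an sh/awk filter that flags host listeners on `*:PORT` and reports whether each jail address has a listener of its own. The function names and the second sample are constructed for illustration; the first sample is the sockstat output posted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): audit sockstat-style output for the
# wildcard-bind situation discussed above. All function names are hypothetical.

# audit_listeners PORT JAIL_IP...
# stdin: sockstat lines "USER COMMAND PID FD PROTO LOCAL FOREIGN".
# stdout, one finding per line:
#   WILDCARD <user> <command> <pid> <proto>  listener on *:PORT (every address)
#   BOUND    <ip> <command> <pid>            listener bound to <ip>:PORT only
#   MISSING  <ip>                            nothing listening on <ip>:PORT
# Exit status is 1 if any WILDCARD or MISSING finding was printed, else 0.
audit_listeners() {
    port=$1
    shift
    awk -v port="$port" -v ips="$*" '
        BEGIN { n = split(ips, want, " "); bad = 0 }
        # Established connections have a real peer; listeners show *:*
        $7 != "*:*" { next }
        $6 == ("*:" port) {
            print "WILDCARD", $1, $2, $3, $5
            bad = 1
            next
        }
        {
            for (i = 1; i <= n; i++)
                if ($6 == (want[i] ":" port))
                    seen[want[i]] = $2 " " $3
        }
        END {
            for (i = 1; i <= n; i++) {
                if (want[i] in seen) {
                    print "BOUND", want[i], seen[want[i]]
                } else {
                    print "MISSING", want[i]
                    bad = 1
                }
            }
            exit bad
        }'
}

# sockstat output as posted in the thread (host 10.0.0.3, jail 10.0.0.10).
thread_sample() {
    cat <<'EOF'
bernt    sshd       3541  3  tcp4   10.0.0.3:22           80.x.x.x:25605
root     sshd       3539  3  tcp4   10.0.0.3:22           80.x.x.x:25605
root     sshd       1296  3  tcp6   *:22                  *:*
root     sshd       1296  4  tcp4   *:22                  *:*
EOF
}

# Constructed sample: what the host would show once the host sshd uses
# ListenAddress 10.0.0.3 and the jail runs its own sshd (PIDs are made up).
pinned_sample() {
    cat <<'EOF'
root     sshd       4001  3  tcp4   10.0.0.3:22           *:*
root     sshd       4100  3  tcp4   10.0.0.10:22          *:*
EOF
}

echo "== as posted =="
thread_sample | audit_listeners 22 10.0.0.10 || true
echo "== after pinning ListenAddress (constructed) =="
pinned_sample | audit_listeners 22 10.0.0.10 || true
```

On a live host the input would come from `sockstat` itself instead of the embedded samples.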
Re: jail and networking
On Wed, 20 Feb 2013, Bernt Hansson wrote:

> 2013-02-20 22:17, doug wrote:
>> On Wed, 20 Feb 2013, Jeff Tipton wrote:
>>> On 02/20/2013 20:59, Teske, Devin wrote:
>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>> On 2013-02-20 19:07, Jeff Tipton wrote:
>>>>>> On 02/20/2013 19:42, Bernt Hansson wrote:
>>>>>>> On 2013-02-20 17:23, Teske, Devin wrote:
>>>>>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>>>>>> Hello list!
>>>>>>>>>
>>>>>>>>> I don't seem to get net working in a test jail.
>>>>>>>>>
>>>>>>>>> These I've tried;
>>>>>>>>>
>>>>>>>>> ftp, fetch, telnet
>>>>>>>>>
>>>>>>>>> They time out.
>>>>>>>>>
>>>>>>>>> Ssh sort of works.
>>>>>>>>>
>>>>>>>>> 32bit# ssh 10.0.0.3
>>>>>>>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>>>>>>>> Host key verification failed.
>>>>>>>>>
>>>>>>>>> jail is 8.3-STABLE i386 GENERIC
>>>>>>>>>
>>>>>>>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>>>>>>>
>>>>>>>>> I'm sure you want more info so just tell me what info.
>>>>>>>>
>>>>>>>> Commonly the problem is that you are "jexec'd" into the jail and I
>>>>>>>> find that tools like ssh, ftp, telnet, etc. don't work when you're in
>>>>>>>> the jail via "jexec" but instead what works way better is if you ssh
>>>>>>>> into the jail (via the jail'd ssh process of course).
>>>>>>>>
>>>>>>>> Does that seem to be the case in your situation?
>>>>>>>
>>>>>>> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>>>>>>>
>>>>>>> Then no.
>>>>>>>
>>>>>>> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>>>>>>>
>>>>>>> I did have an alias on the host to the jail's ip.
>>>>>>> Tried to restart the jail it went fine, but now I can't jexec in to
>>>>>>> the jail.
>>>>>>>
>>>>>>> testbox# jexec 1 tcsh
>>>>>>> jexec: jail_attach(1): Invalid argument
>>>>>>>
>>>>>>> Sooo... I'm kind of out of ideas.
>>>>>>
>>>>>> What does "jls" command say? If you have restarted your jail, its ID
>>>>>> most likely has changed.
>>>>>
>>>>> The ID did change, didn't know about that, thank you.
>>>>>
>>>>> But still, sshd isn't running in the jail
>>>>>
>>>>> 32bit# ps ax
>>>>>   PID  TT  STAT      TIME COMMAND
>>>>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>>>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>>>  2464   0  SJ     0:00,01 tcsh
>>>>>  2482   0  R+J    0:00,00 ps ax
>>>>>
>>>>> testbox# ps ax | grep J
>>>>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>>>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>>>  2488   0  S+     0:00,00 grep J
>>>>>
>>>>> testbox is the host.
>>
>> Or from the host: sockstat | grep :22. You should see something like
>>
>> root     sshd       2016  3  tcp4   192.168.17.15:22      *:*
>>
>> for each jail
>
> testbox# sockstat | grep :22
> bernt    sshd       3541  3  tcp4   10.0.0.3:22           80.x.x.x:25605
> root     sshd       3539  3  tcp4   10.0.0.3:22           80.x.x.x:25605
> root     sshd       1296  3  tcp6   *:22                  *:*
> root     sshd       1296  4  tcp4   *:22                  *:*
>
> The jail has ip 10.0.0.10. There is only one jail.

I could not see anything you are doing wrong, so here are the relevant parts of a host/jail we use for testing. I got all this by following the jail man page and/or hacking things that are working. I hope this helps. This is all on an 8.2 system.

Host config rc.conf -

hostname="bcr.boltsys.com"
ifconfig_em0="DHCP"
sshd_enable="YES"
:
#jail base settings
inetd_flags="-wW -a 10.1.10.110"
rpcbind_enable="NO"
# Jail general settings
ifconfig_em0_alias0="inet 10.1.10.111 netmask 255.255.255.255"
jail_set_hostname_allow="NO"
jail_enable="YES"
jail_interface="em0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_list="webmail"
jail_webmail_rootdir="/usr/home/webmail"
jail_webmail_hostname="webmail.boltsys.com"
jail_webmail_ip="10.1.10.111"

ifconfig (host)

inet 10.1.10.111 netmask 0x broadcast 10.1.10.111
inet 10.1.10.110 netmask 0xff00 broadcast 10.1.10.255

Jail config rc.conf -

network_interfaces=""
hostname="webmail.boltsys.com"
sshd_enable="YES"
sendmail_enable="NO"
sendmail_outbound_enable="YES"
inetd_flags="-wW -a 10.1.10.111"
inetd_enable="NO"
rpcbind_enable="NO"

_
Douglas Denault
http://www.safeport.com
d...@safeport.com
Voice: 301-217-9220
Fax: 301-217-9277
Re: jail and networking
2013-02-20 22:17, doug wrote:

> On Wed, 20 Feb 2013, Jeff Tipton wrote:
>> On 02/20/2013 20:59, Teske, Devin wrote:
>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>> On 2013-02-20 19:07, Jeff Tipton wrote:
>>>>> On 02/20/2013 19:42, Bernt Hansson wrote:
>>>>>> On 2013-02-20 17:23, Teske, Devin wrote:
>>>>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>>>>> Hello list!
>>>>>>>>
>>>>>>>> I don't seem to get net working in a test jail.
>>>>>>>>
>>>>>>>> These I've tried;
>>>>>>>>
>>>>>>>> ftp, fetch, telnet
>>>>>>>>
>>>>>>>> They time out.
>>>>>>>>
>>>>>>>> Ssh sort of works.
>>>>>>>>
>>>>>>>> 32bit# ssh 10.0.0.3
>>>>>>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>>>>>>> Host key verification failed.
>>>>>>>>
>>>>>>>> jail is 8.3-STABLE i386 GENERIC
>>>>>>>>
>>>>>>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>>>>>>
>>>>>>>> I'm sure you want more info so just tell me what info.
>>>>>>>
>>>>>>> Commonly the problem is that you are "jexec'd" into the jail and I
>>>>>>> find that tools like ssh, ftp, telnet, etc. don't work when you're in
>>>>>>> the jail via "jexec" but instead what works way better is if you ssh
>>>>>>> into the jail (via the jail'd ssh process of course).
>>>>>>>
>>>>>>> Does that seem to be the case in your situation?
>>>>>>
>>>>>> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>>>>>>
>>>>>> Then no.
>>>>>>
>>>>>> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>>>>>>
>>>>>> I did have an alias on the host to the jail's ip.
>>>>>> Tried to restart the jail it went fine, but now I can't jexec in to
>>>>>> the jail.
>>>>>>
>>>>>> testbox# jexec 1 tcsh
>>>>>> jexec: jail_attach(1): Invalid argument
>>>>>>
>>>>>> Sooo... I'm kind of out of ideas.
>>>>>
>>>>> What does "jls" command say? If you have restarted your jail, its ID
>>>>> most likely has changed.
>>>>
>>>> The ID did change, didn't know about that, thank you.
>>>>
>>>> But still, sshd isn't running in the jail
>>>>
>>>> 32bit# ps ax
>>>>   PID  TT  STAT      TIME COMMAND
>>>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>>  2464   0  SJ     0:00,01 tcsh
>>>>  2482   0  R+J    0:00,00 ps ax
>>>>
>>>> testbox# ps ax | grep J
>>>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>>  2488   0  S+     0:00,00 grep J
>>>>
>>>> testbox is the host.
>
> Or from the host: sockstat | grep :22. You should see something like
>
> root     sshd       2016  3  tcp4   192.168.17.15:22      *:*
>
> for each jail

testbox# sockstat | grep :22
bernt    sshd       3541  3  tcp4   10.0.0.3:22           80.x.x.x:25605
root     sshd       3539  3  tcp4   10.0.0.3:22           80.x.x.x:25605
root     sshd       1296  3  tcp6   *:22                  *:*
root     sshd       1296  4  tcp4   *:22                  *:*

The jail has ip 10.0.0.10. There is only one jail.
Re: jail and networking
2013-02-20 20:10, Jeff Tipton wrote:

> On 02/20/2013 20:59, Teske, Devin wrote:
>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>> On 2013-02-20 19:07, Jeff Tipton wrote:
>>>> On 02/20/2013 19:42, Bernt Hansson wrote:
>>>>> On 2013-02-20 17:23, Teske, Devin wrote:
>>>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>>>> Hello list!
>>>>>>>
>>>>>>> I don't seem to get net working in a test jail.
>>>>>>>
>>>>>>> These I've tried;
>>>>>>>
>>>>>>> ftp, fetch, telnet
>>>>>>>
>>>>>>> They time out.
>>>>>>>
>>>>>>> Ssh sort of works.
>>>>>>>
>>>>>>> 32bit# ssh 10.0.0.3
>>>>>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>>>>>> Host key verification failed.
>>>>>>>
>>>>>>> jail is 8.3-STABLE i386 GENERIC
>>>>>>>
>>>>>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>>>>>
>>>>>>> I'm sure you want more info so just tell me what info.
>>>>>>
>>>>>> Commonly the problem is that you are "jexec'd" into the jail and I
>>>>>> find that tools like ssh, ftp, telnet, etc. don't work when you're in
>>>>>> the jail via "jexec" but instead what works way better is if you ssh
>>>>>> into the jail (via the jail'd ssh process of course).
>>>>>>
>>>>>> Does that seem to be the case in your situation?
>>>>>
>>>>> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>>>>>
>>>>> Then no.
>>>>>
>>>>> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>>>>>
>>>>> I did have an alias on the host to the jail's ip.
>>>>> Tried to restart the jail it went fine, but now I can't jexec in to
>>>>> the jail.
>>>>>
>>>>> testbox# jexec 1 tcsh
>>>>> jexec: jail_attach(1): Invalid argument
>>>>>
>>>>> Sooo... I'm kind of out of ideas.
>>>>
>>>> What does "jls" command say? If you have restarted your jail, its ID
>>>> most likely has changed.
>>>
>>> The ID did change, didn't know about that, thank you.
>>>
>>> But still, sshd isn't running in the jail
>>>
>>> 32bit# ps ax
>>>   PID  TT  STAT      TIME COMMAND
>>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>  2464   0  SJ     0:00,01 tcsh
>>>  2482   0  R+J    0:00,00 ps ax
>>>
>>> testbox# ps ax | grep J
>>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>  2488   0  S+     0:00,00 grep J
>>>
>>> testbox is the host.
>>
>> A stab in the dark, but...
>>
>> Did you add sshd_enable="YES" to the jail's rc.conf(5)?
>
> Or, from within the jail, what does service sshd status say?

32bit# service sshd status
sshd is not running.
Re: jail and networking
2013-02-20 19:59, Teske, Devin wrote:

> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>> On 2013-02-20 19:07, Jeff Tipton wrote:
>>> On 02/20/2013 19:42, Bernt Hansson wrote:
>>>> On 2013-02-20 17:23, Teske, Devin wrote:
>>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>>> Hello list!
>>>>>>
>>>>>> I don't seem to get net working in a test jail.
>>>>>>
>>>>>> These I've tried;
>>>>>>
>>>>>> ftp, fetch, telnet
>>>>>>
>>>>>> They time out.
>>>>>>
>>>>>> Ssh sort of works.
>>>>>>
>>>>>> 32bit# ssh 10.0.0.3
>>>>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>>>>> Host key verification failed.
>>>>>>
>>>>>> jail is 8.3-STABLE i386 GENERIC
>>>>>>
>>>>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>>>>
>>>>>> I'm sure you want more info so just tell me what info.
>>>>>
>>>>> Commonly the problem is that you are "jexec'd" into the jail and I
>>>>> find that tools like ssh, ftp, telnet, etc. don't work when you're in
>>>>> the jail via "jexec" but instead what works way better is if you ssh
>>>>> into the jail (via the jail'd ssh process of course).
>>>>>
>>>>> Does that seem to be the case in your situation?
>>>>
>>>> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>>>>
>>>> Then no.
>>>>
>>>> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>>>>
>>>> I did have an alias on the host to the jail's ip.
>>>> Tried to restart the jail it went fine, but now I can't jexec in to
>>>> the jail.
>>>>
>>>> testbox# jexec 1 tcsh
>>>> jexec: jail_attach(1): Invalid argument
>>>>
>>>> Sooo... I'm kind of out of ideas.
>>>
>>> What does "jls" command say? If you have restarted your jail, its ID
>>> most likely has changed.
>>
>> The ID did change, didn't know about that, thank you.
>>
>> But still, sshd isn't running in the jail
>>
>> 32bit# ps ax
>>   PID  TT  STAT      TIME COMMAND
>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>  2464   0  SJ     0:00,01 tcsh
>>  2482   0  R+J    0:00,00 ps ax
>>
>> testbox# ps ax | grep J
>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>  2488   0  S+     0:00,00 grep J
>>
>> testbox is the host.
>
> A stab in the dark, but...
>
> Did you add sshd_enable="YES" to the jail's rc.conf(5)?

Yes, yes I did.

rc.conf from the jail

#ifconfig_xl0="DHCP"
#defaultrouter="10.0.0.3"
sendmail_enable="NO"
#inetd_enable="NO"
sshd_enable="YES"
#ntpdate_enable="YES"
#ntpdate_flags="time1.stupi.se"
# -- sysinstall generated deltas -- # Mon Jan 21 01:22:37 2013
keymap="swedish.iso"
Re: jail and networking
On Wed, 20 Feb 2013, Jeff Tipton wrote:

> On 02/20/2013 20:59, Teske, Devin wrote:
>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>> On 2013-02-20 19:07, Jeff Tipton wrote:
>>>> On 02/20/2013 19:42, Bernt Hansson wrote:
>>>>> On 2013-02-20 17:23, Teske, Devin wrote:
>>>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>>>> Hello list!
>>>>>>>
>>>>>>> I don't seem to get net working in a test jail.
>>>>>>>
>>>>>>> These I've tried;
>>>>>>>
>>>>>>> ftp, fetch, telnet
>>>>>>>
>>>>>>> They time out.
>>>>>>>
>>>>>>> Ssh sort of works.
>>>>>>>
>>>>>>> 32bit# ssh 10.0.0.3
>>>>>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>>>>>> Host key verification failed.
>>>>>>>
>>>>>>> jail is 8.3-STABLE i386 GENERIC
>>>>>>>
>>>>>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>>>>>
>>>>>>> I'm sure you want more info so just tell me what info.
>>>>>>
>>>>>> Commonly the problem is that you are "jexec'd" into the jail and I
>>>>>> find that tools like ssh, ftp, telnet, etc. don't work when you're in
>>>>>> the jail via "jexec" but instead what works way better is if you ssh
>>>>>> into the jail (via the jail'd ssh process of course).
>>>>>>
>>>>>> Does that seem to be the case in your situation?
>>>>>
>>>>> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>>>>>
>>>>> Then no.
>>>>>
>>>>> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>>>>>
>>>>> I did have an alias on the host to the jail's ip.
>>>>> Tried to restart the jail it went fine, but now I can't jexec in to
>>>>> the jail.
>>>>>
>>>>> testbox# jexec 1 tcsh
>>>>> jexec: jail_attach(1): Invalid argument
>>>>>
>>>>> Sooo... I'm kind of out of ideas.
>>>>
>>>> What does "jls" command say? If you have restarted your jail, its ID
>>>> most likely has changed.
>>>
>>> The ID did change, didn't know about that, thank you.
>>>
>>> But still, sshd isn't running in the jail
>>>
>>> 32bit# ps ax
>>>   PID  TT  STAT      TIME COMMAND
>>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>  2464   0  SJ     0:00,01 tcsh
>>>  2482   0  R+J    0:00,00 ps ax
>>>
>>> testbox# ps ax | grep J
>>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>>  2488   0  S+     0:00,00 grep J
>>>
>>> testbox is the host.
>>
>> A stab in the dark, but...
>>
>> Did you add sshd_enable="YES" to the jail's rc.conf(5)?
>
> Or, from within the jail, what does service sshd status say?

Or from the host: sockstat | grep :22. You should see something like

root     sshd       2016  3  tcp4   192.168.17.15:22      *:*

for each jail
Re: jail and networking
On 02/20/2013 20:59, Teske, Devin wrote:

> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>> On 2013-02-20 19:07, Jeff Tipton wrote:
>>> On 02/20/2013 19:42, Bernt Hansson wrote:
>>>> On 2013-02-20 17:23, Teske, Devin wrote:
>>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>>> Hello list!
>>>>>>
>>>>>> I don't seem to get net working in a test jail.
>>>>>>
>>>>>> These I've tried;
>>>>>>
>>>>>> ftp, fetch, telnet
>>>>>>
>>>>>> They time out.
>>>>>>
>>>>>> Ssh sort of works.
>>>>>>
>>>>>> 32bit# ssh 10.0.0.3
>>>>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>>>>> Host key verification failed.
>>>>>>
>>>>>> jail is 8.3-STABLE i386 GENERIC
>>>>>>
>>>>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>>>>
>>>>>> I'm sure you want more info so just tell me what info.
>>>>>
>>>>> Commonly the problem is that you are "jexec'd" into the jail and I
>>>>> find that tools like ssh, ftp, telnet, etc. don't work when you're in
>>>>> the jail via "jexec" but instead what works way better is if you ssh
>>>>> into the jail (via the jail'd ssh process of course).
>>>>>
>>>>> Does that seem to be the case in your situation?
>>>>
>>>> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>>>>
>>>> Then no.
>>>>
>>>> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>>>>
>>>> I did have an alias on the host to the jail's ip.
>>>> Tried to restart the jail it went fine, but now I can't jexec in to
>>>> the jail.
>>>>
>>>> testbox# jexec 1 tcsh
>>>> jexec: jail_attach(1): Invalid argument
>>>>
>>>> Sooo... I'm kind of out of ideas.
>>>
>>> What does "jls" command say? If you have restarted your jail, its ID
>>> most likely has changed.
>>
>> The ID did change, didn't know about that, thank you.
>>
>> But still, sshd isn't running in the jail
>>
>> 32bit# ps ax
>>   PID  TT  STAT      TIME COMMAND
>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>  2464   0  SJ     0:00,01 tcsh
>>  2482   0  R+J    0:00,00 ps ax
>>
>> testbox# ps ax | grep J
>>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>>  2488   0  S+     0:00,00 grep J
>>
>> testbox is the host.
>
> A stab in the dark, but...
>
> Did you add sshd_enable="YES" to the jail's rc.conf(5)?

Or, from within the jail, what does service sshd status say?
RE: jail and networking
On Wed, 20 Feb 2013, Bernt Hansson wrote:

> On 2013-02-20 19:07, Jeff Tipton wrote:
>> On 02/20/2013 19:42, Bernt Hansson wrote:
>>> On 2013-02-20 17:23, Teske, Devin wrote:
>>>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>>>> Hello list!
>>>>>
>>>>> I don't seem to get net working in a test jail.
>>>>>
>>>>> These I've tried;
>>>>>
>>>>> ftp, fetch, telnet
>>>>>
>>>>> They time out.
>>>>>
>>>>> Ssh sort of works.
>>>>>
>>>>> 32bit# ssh 10.0.0.3
>>>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>>>> Host key verification failed.
>>>>>
>>>>> jail is 8.3-STABLE i386 GENERIC
>>>>>
>>>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>>>
>>>>> I'm sure you want more info so just tell me what info.
>>>>
>>>> Commonly the problem is that you are "jexec'd" into the jail and I
>>>> find that tools like ssh, ftp, telnet, etc. don't work when you're in
>>>> the jail via "jexec" but instead what works way better is if you ssh
>>>> into the jail (via the jail'd ssh process of course).
>>>>
>>>> Does that seem to be the case in your situation?
>>>
>>> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>>>
>>> Then no.
>>>
>>> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>>>
>>> I did have an alias on the host to the jail's ip.
>>> Tried to restart the jail it went fine, but now I can't jexec in to
>>> the jail.
>>>
>>> testbox# jexec 1 tcsh
>>> jexec: jail_attach(1): Invalid argument
>>>
>>> Sooo... I'm kind of out of ideas.
>>
>> What does "jls" command say? If you have restarted your jail, its ID
>> most likely has changed.
>
> The ID did change, didn't know about that, thank you.
>
> But still, sshd isn't running in the jail
>
> 32bit# ps ax
>   PID  TT  STAT      TIME COMMAND
>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>  2464   0  SJ     0:00,01 tcsh
>  2482   0  R+J    0:00,00 ps ax
>
> testbox# ps ax | grep J
>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>  2488   0  S+     0:00,00 grep J
>
> testbox is the host.

A stab in the dark, but...

Did you add sshd_enable="YES" to the jail's rc.conf(5)?

--
Devin
RE: jail and networking
On Wed, 20 Feb 2013, Bernt Hansson wrote:

> On 2013-02-20 17:23, Teske, Devin wrote:
>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>> Hello list!
>>>
>>> I don't seem to get net working in a test jail.
>>>
>>> These I've tried;
>>>
>>> ftp, fetch, telnet
>>>
>>> They time out.
>>>
>>> Ssh sort of works.
>>>
>>> 32bit# ssh 10.0.0.3
>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>> Host key verification failed.
>>>
>>> jail is 8.3-STABLE i386 GENERIC
>>>
>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>
>>> I'm sure you want more info so just tell me what info.
>>
>> Commonly the problem is that you are "jexec'd" into the jail and I find
>> that tools like ssh, ftp, telnet, etc. don't work when you're in the jail
>> via "jexec" but instead what works way better is if you ssh into the jail
>> (via the jail'd ssh process of course).
>>
>> Does that seem to be the case in your situation?
>
> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>
> Then no.
>
> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>
> I did have an alias on the host to the jail's ip.
> Tried to restart the jail it went fine, but now I can't jexec in to the
> jail.
>
> testbox# jexec 1 tcsh
> jexec: jail_attach(1): Invalid argument
>
> Sooo... I'm kind of out of ideas.

When you restart a jail its jid (the first argument to jexec) changes. Instead of using the jid you can use the jail name (example below):

jexec NAME tcsh

Otherwise, you're going to have to do "jls" to get the new jid after restarting the jail.

--
Devin
Re: jail and networking
On 20/02/2013 18:23, Bernt Hansson wrote:

> The ID did change, didn't know about that, thank you.
>
> But still, sshd isn't running in the jail
>
> 32bit# ps ax
>   PID  TT  STAT      TIME COMMAND
>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>  2464   0  SJ     0:00,01 tcsh
>  2482   0  R+J    0:00,00 ps ax
>
> testbox# ps ax | grep J
>  2385  ??  IsJ    0:00,00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
>  2391  ??  SsJ    0:00,00 /usr/sbin/cron -s
>  2488   0  S+     0:00,00 grep J
>
> testbox is the host.

I assume you setup the /etc/resolv.conf? I have found that my network does not start until I have this setup.

--
Regards,

Gary J. Hayers
g...@hayers.org

PGP Signature http://www.hayers.org/pgp
Re: jail and networking
On 02/20/2013 19:42, Bernt Hansson wrote:

> On 2013-02-20 17:23, Teske, Devin wrote:
>> On Wed, 20 Feb 2013, Bernt Hansson wrote:
>>> Hello list!
>>>
>>> I don't seem to get net working in a test jail.
>>>
>>> These I've tried;
>>>
>>> ftp, fetch, telnet
>>>
>>> They time out.
>>>
>>> Ssh sort of works.
>>>
>>> 32bit# ssh 10.0.0.3
>>> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
>>> Host key verification failed.
>>>
>>> jail is 8.3-STABLE i386 GENERIC
>>>
>>> host is FreeBSD 8.3-STABLE amd64 GENERIC
>>>
>>> I'm sure you want more info so just tell me what info.
>>
>> Commonly the problem is that you are "jexec'd" into the jail and I find
>> that tools like ssh, ftp, telnet, etc. don't work when you're in the jail
>> via "jexec" but instead what works way better is if you ssh into the jail
>> (via the jail'd ssh process of course).
>>
>> Does that seem to be the case in your situation?
>
> If you mean this sshd IsJ  0:00,00 /usr/sbin/sshd
>
> Then no.
>
> %ssh 10.0.0.10 ssh: connect to host 10.0.0.10 port 22: Operation timed out
>
> I did have an alias on the host to the jail's ip.
> Tried to restart the jail it went fine, but now I can't jexec in to the
> jail.
>
> testbox# jexec 1 tcsh
> jexec: jail_attach(1): Invalid argument
>
> Sooo... I'm kind of out of ideas.

What does "jls" command say? If you have restarted your jail, its ID most likely has changed.
RE: jail and networking
On Wed, 20 Feb 2013, Bernt Hansson wrote:

> Hello list!
>
> I don't seem to get net working in a test jail.
>
> These I've tried;
>
> ftp, fetch, telnet
>
> They time out.
>
> Ssh sort of works.
>
> 32bit# ssh 10.0.0.3
> ssh_askpass: exec(/usr/local/bin/ssh-askpass): No such file or directory
> Host key verification failed.
>
> jail is 8.3-STABLE i386 GENERIC
>
> host is FreeBSD 8.3-STABLE amd64 GENERIC
>
> I'm sure you want more info so just tell me what info.

Commonly the problem is that you are "jexec'd" into the jail and I find that tools like ssh, ftp, telnet, etc. don't work when you're in the jail via "jexec" but instead what works way better is if you ssh into the jail (via the jail'd ssh process of course).

Does that seem to be the case in your situation?

--
Devin