Re: how to configure host login account to use jail?

2012-12-23 Thread Fbsd8

Damien Fleuriot wrote:
> On 23 Dec 2012, at 03:43, Fbsd8 fb...@a1poweruser.com wrote:
>
>> Have jails up and running on host with ip address of
>> 10.0.10.10 10.0.10.11 10.0.10.12 10.0.10.13 10.0.10.14
>> The host rc.conf has
>> ifconfig_xl0=DHCP  # nic connected to isp
>> ifconfig_rl0=inet 10.0.10.2  #lan nic
>>
>> I want lan users to login to their jail by ip address using ssh.
>> How do I setup host user accounts so they login to
>> their associated jail?
>> Is this something I code in the host user account or is it done
>> by the remote ssh login command?
>>
>> How do other jail users do this?
>
> I assign public IPs to my jails and let people SSH to them.

Ok but as my question asks, how do you configure things
to get that to work? I am after the details.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: how to configure host login account to use jail?

2012-12-23 Thread Matthew Seaman
On 23/12/2012 13:11, Fbsd8 wrote:
> Ok but as my question asks, how do you configure things
> to get that to work? I am after the details.

You need to run an instance of sshd in each jail.  Because sshd defaults
to binding to INADDR_ANY, you need to modify the sshd configuration in
the host system, so it binds to a specific address, otherwise it will
likely block out the jailed sshd's:

ListenAddress 192.0.2.1
ListenAddress 2001:DB8::1
ListenAddress 127.0.0.1
ListenAddress ::1

sshd in the jails doesn't need any similar configuration change.

You don't need user accounts in your host system for the jail users --
each jail can have its own passwd file etc.  However, it can be useful
to make sure that UID numbers for regular users in host and jails don't
overlap.

Cheers,

Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
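
A check for the host-side change described in this reply, as an added example that is not part of the original message: the hypothetical shell function `classify_listen` reads an sshd_config and reports whether sshd would still bind every address (no `ListenAddress` at all, or `0.0.0.0` / `::`), which is the condition that collides with the jails' sshd. The sample configurations are constructed, and `Include` files are not followed.

```sh
#!/bin/sh
# Added example: classify how an sshd_config binds its listening sockets.
# classify_listen [FILE] reads FILE (or stdin) and prints one of:
#   wildcard-default   no ListenAddress line, so sshd binds every address
#   wildcard-explicit  a ListenAddress names 0.0.0.0 or ::
#   specific           every ListenAddress names one concrete address
classify_listen() {
    awk '
        { sub(/#.*/, "") }                  # drop comments
        tolower($1) == "listenaddress" {    # keywords are case-insensitive
            seen = 1
            addr = $2
            sub(/^\[/, "", addr)            # [addr]:port form
            sub(/\](:[0-9]+)?$/, "", addr)
            if (addr ~ /^[0-9.]+:[0-9]+$/)  # IPv4 addr:port form
                sub(/:[0-9]+$/, "", addr)
            if (addr == "0.0.0.0" || addr == "::")
                wild = 1
        }
        END {
            if (!seen)      print "wildcard-default"
            else if (wild)  print "wildcard-explicit"
            else            print "specific"
        }
    ' "$@"
}

# Constructed sample: the host configuration shown in the reply above.
HOST_FIXED='ListenAddress 192.0.2.1
ListenAddress 2001:DB8::1
ListenAddress 127.0.0.1
ListenAddress ::1'

# Constructed sample: a file where the directive is only commented out.
HOST_STOCK='#ListenAddress 0.0.0.0
#ListenAddress ::
Port 22'

printf '%s\n' "$HOST_FIXED" | classify_listen
printf '%s\n' "$HOST_STOCK" | classify_listen
```

On a running host, `sshd -T` prints the effective `listenaddress` values and `sockstat -l` shows which process owns each listening socket.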






Re: how to configure host login account to use jail?

2012-12-23 Thread Fbsd8

Matthew Seaman wrote:
> On 23/12/2012 13:11, Fbsd8 wrote:
>> Ok but as my question asks, how do you configure things
>> to get that to work? I am after the details.
>
> You need to run an instance of sshd in each jail.  Because sshd defaults
> to binding to INADDR_ANY, you need to modify the sshd configuration in
> the host system, so it binds to a specific address, otherwise it will
> likely block out the jailed sshd's:
>
> ListenAddress 192.0.2.1
> ListenAddress 2001:DB8::1
> ListenAddress 127.0.0.1
> ListenAddress ::1
>
> sshd in the jails doesn't need any similar configuration change.
>
> You don't need user accounts in your host system for the jail users --
> each jail can have its own passwd file etc.  However, it can be useful
> to make sure that UID numbers for regular users in host and jails don't
> overlap.
>
> Cheers,
>
> Matthew




What does the remote ssh login command look like?
ssh on the host does not use the standard port 22.
It uses 2299 instead. This stopped all the ssh break-in attempts.


Re: how to configure host login account to use jail?

2012-12-23 Thread Fbsd8

Fbsd8 wrote:
> Matthew Seaman wrote:
>> On 23/12/2012 13:11, Fbsd8 wrote:
>>> Ok but as my question asks, how do you configure things
>>> to get that to work? I am after the details.
>>
>> You need to run an instance of sshd in each jail.  Because sshd defaults
>> to binding to INADDR_ANY, you need to modify the sshd configuration in
>> the host system, so it binds to a specific address, otherwise it will
>> likely block out the jailed sshd's:
>>
>> ListenAddress 192.0.2.1
>> ListenAddress 2001:DB8::1
>> ListenAddress 127.0.0.1
>> ListenAddress ::1
>>
>> sshd in the jails doesn't need any similar configuration change.
>>
>> You don't need user accounts in your host system for the jail users --
>> each jail can have its own passwd file etc.  However, it can be useful
>> to make sure that UID numbers for regular users in host and jails don't
>> overlap.
>>
>> Cheers,
>>
>> Matthew
>
> What does the remote ssh login command look like?
> ssh on the host does not use the standard port 22.
> It uses 2299 instead. This stopped all the ssh break-in attempts.



Have things working all except ssh login to jail from an FBSD box on the 
lan using native ssh command syntax. This is what I have


Have single jail for testing assigned ip address of 10.0.10.20 and it 
has jail option for auto alias create/remove. From the host I logged 
into the jail and did these commands


This turns on ssh in jail
echo sshd_enable=YES >> /etc/rc.conf

Turn off dns check for fast jail start
echo UseDNS no >> /etc/ssh/sshd_config

Did adduser to create user account in jail to ssh into.
Stop and restart jail for changes to take effect

ssh on host has been changed to use port 9922.
This stopped all the ssh break-in attempts from the public internet.

From putty on xp box on lan can ssh to 10.0.10.2 9922 and login to any 
user account on host. Using 10.0.10.20 22 login to user account on jail 
just fine.


From another lan box running FBSD can ssh into host user accounts using 
this command ssh host-user-account-name@10.0.10.2 just fine


But I can not figure out syntax for native ssh command to login to jail.

This is where I need some help in coding the correct -options and what 
values to use where. I read the man pages on ssh but it's clear as mud to 
me.



how to configure host login account to use jail?

2012-12-22 Thread Fbsd8

Have jails up and running on host with ip address of
10.0.10.10 10.0.10.11 10.0.10.12 10.0.10.13 10.0.10.14
The host rc.conf has
ifconfig_xl0=DHCP  # nic connected to isp
ifconfig_rl0=inet 10.0.10.2  #lan nic

I want lan users to login to their jail by ip address using ssh.
How do I setup host user accounts so they login to
their associated jail?
Is this something I code in the host user account or is it done
by the remote ssh login command?

How do other jail users do this?


Re: how to configure host login account to use jail?

2012-12-22 Thread Damien Fleuriot

On 23 Dec 2012, at 03:43, Fbsd8 fb...@a1poweruser.com wrote:

> Have jails up and running on host with ip address of
> 10.0.10.10 10.0.10.11 10.0.10.12 10.0.10.13 10.0.10.14
> The host rc.conf has
> ifconfig_xl0=DHCP  # nic connected to isp
> ifconfig_rl0=inet 10.0.10.2  #lan nic
>
> I want lan users to login to their jail by ip address using ssh.
> How do I setup host user accounts so they login to
> their associated jail?
> Is this something I code in the host user account or is it done
> by the remote ssh login command?
>
> How do other jail users do this?

I assign public IPs to my jails and let people SSH to them.

Alternatively you could use non-22 ports and have PF rdr to your jail's 
internal IP.
