From owner-freebsd-stable@FreeBSD.ORG Wed Oct 3 16:52:30 2007 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 277F416A481 for ; Wed, 3 Oct 2007 16:52:30 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.190]) by mx1.freebsd.org (Postfix) with ESMTP id 5D51E13C45B for ; Wed, 3 Oct 2007 16:52:28 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: by nf-out-0910.google.com with SMTP id b2so3273106nfb for ; Wed, 03 Oct 2007 09:52:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:subject:from:to:cc:content-type:date:message-id:mime-version:x-mailer; bh=GFFF39J/g08IWDb2cqv+FVXXWnQR1hcNBzxjUJOQtR4=; b=J70OQkx7luZGkgJGxhp2LVk4bkGr5N0bYSO/+1TtoBf9k4gdij01mu6vvkHDtDoT1K30cBaXF/zwIPtfGlY0ncSy4zwEAvccNy2aYzjv4G/uR4jR5m9x4d+qGfZQIdnlp9jVarzAfPW8DpMuSM/XM+9WHSl4Udwo6Z8Txcv0F6c= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:subject:from:to:cc:content-type:date:message-id:mime-version:x-mailer; b=mB9bMjQgKj5U9q6LRByGoi8h71lUMwD4AMKGZsT9VAsLwZGBWgvxiLhX8/OMRrGlretzDbrWHVNtaHoyvSNvsvWUfgkLYTi59hB2/8iiarpnO59P9a9jSXUt+P0Z73HXf5/YyOoKb6jMDCOUx8kLFC0LKYO2zxbOviifkdS2NkM= Received: by 10.78.193.5 with SMTP id q5mr2988071huf.1191428712867; Wed, 03 Oct 2007 09:25:12 -0700 (PDT) Received: from ?127.0.0.1? ( [217.206.187.79]) by mx.google.com with ESMTPS id h6sm3895356nfh.2007.10.03.09.25.11 (version=SSLv3 cipher=RC4-MD5); Wed, 03 Oct 2007 09:25:12 -0700 (PDT) From: Tom Evans To: freebsd-stable@freebsd.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-rgvsH0k1VJ01bW/EP00N" Date: Wed, 03 Oct 2007 17:25:09 +0100 Message-Id: <1191428709.1475.26.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.10.2 FreeBSD GNOME Team Port Cc: freebsd-jail@freebsd.org Subject: Cannot ssh from jail X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Oct 2007 16:52:31 -0000 --=-rgvsH0k1VJ01bW/EP00N Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi stable@, jail@ [jail@ plz cc me as I'm not subscribed] I'm having some problems setting up some jails for semi-isolated development (ie, so we can isolate the developers into a jail, give them all the root access they want, and not worry about them blowing up more than their own jail) on 6.2-RELEASE-p5. I have set up a jail, using ezjail, which appeared to work fine. I can start the jail, and use jexec to spawn a shell inside the jail. However, if I then try to ssh from the jail to another box, ssh fails with the error message (with -v): debug1: read_passphrase: can't open /dev/tty: Device busy Host key verification failed. The only ezjail.conf option I changed/added from default was to set ezjail_jaildir. I left ezjail_devfs_enable=3D"YES", ezjail_devfs_ruleset=3D"devfsrules_jail", the defaults. =46rom outside the jail, devfs appears to be mounted: /data2/ezjails/basejail on /data2/ezjails/monotest/basejail (nullfs, local, read-only) devfs on /data2/ezjails/monotest/dev (devfs, local) fdescfs on /data2/ezjails/monotest/dev/fd (fdescfs) procfs on /data2/ezjails/monotest/proc (procfs, local) =46rom inside the jail, there doesn't appear to be a /dev/tty, unless you look for it: # ls /dev fd ptyp0 ptyp3 ptyp6 stdin ttyp1 ttyp4 urandom log ptyp1 ptyp4 random stdout ttyp2 ttyp5 zero null ptyp2 ptyp5 stderr ttyp0 ttyp3 ttyp6 # ls -l /dev/tty crw-rw-rw- 1 root wheel 0, 91 Oct 3 16:57 /dev/tty I found a posting from 2005 describing the same problem [1], but unfortunately without a resolution. I'm sure this should be possible and I'm doing/not doing something that stops it. Any hints, tips would be appreciated. If there's any additional information I can provide..=09 Cheers Tom [1] http://lists.freebsd.org/pipermail/freebsd-hackers/2005-November/014423.htm= l --=-rgvsH0k1VJ01bW/EP00N Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQBHA8JZlcRvFfyds/cRAsCvAJ93GUU+LvdZ0Q4NNmy63BspQksCWwCePqPl n/potzqBHb50Kk8mImfhxEI= =6EUk -----END PGP SIGNATURE----- --=-rgvsH0k1VJ01bW/EP00N--