Date:      Wed, 03 Oct 2007 17:25:09 +0100
From:      Tom Evans <tevans.uk@googlemail.com>
To:        freebsd-stable@freebsd.org
Cc:        freebsd-jail@freebsd.org
Subject:   Cannot ssh from jail
Message-ID:  <1191428709.1475.26.camel@localhost>


Hi stable@, jail@ [jail@ plz cc me as I'm not subscribed]

I'm having some problems setting up some jails for semi-isolated
development (ie, so we can isolate the developers into a jail, give them
all the root access they want, and not worry about them blowing up more
than their own jail) on 6.2-RELEASE-p5.

I have set up a jail, using ezjail, which appeared to work fine. I can
start the jail, and use jexec to spawn a shell inside the jail. However,
if I then try to ssh from the jail to another box, ssh fails with the
error message (with -v):

 debug1: read_passphrase: can't open /dev/tty: Device busy
 Host key verification failed.

The only ezjail.conf option I changed/added from default was to set
ezjail_jaildir. I left ezjail_devfs_enable="YES",
ezjail_devfs_ruleset="devfsrules_jail", the defaults.

From outside the jail, devfs appears to be mounted:

 /data2/ezjails/basejail on /data2/ezjails/monotest/basejail (nullfs, local, read-only)
 devfs on /data2/ezjails/monotest/dev (devfs, local)
 fdescfs on /data2/ezjails/monotest/dev/fd (fdescfs)
 procfs on /data2/ezjails/monotest/proc (procfs, local)

From inside the jail, there doesn't appear to be a /dev/tty, unless you
look for it:
 # ls /dev
 fd      ptyp0   ptyp3   ptyp6   stdin   ttyp1   ttyp4   urandom
 log     ptyp1   ptyp4   random  stdout  ttyp2   ttyp5   zero
 null    ptyp2   ptyp5   stderr  ttyp0   ttyp3   ttyp6
 # ls -l /dev/tty
 crw-rw-rw-  1 root  wheel    0,  91 Oct  3 16:57 /dev/tty

I found a posting from 2005 describing the same problem [1], but
unfortunately without a resolution. I'm sure this should be possible and
I'm doing/not doing something that stops it. Any hints, tips would be
appreciated. If there's any additional information I can provide..

Cheers

Tom


[1]
http://lists.freebsd.org/pipermail/freebsd-hackers/2005-November/014423.html




