Date:      Tue, 11 Mar 2003 16:20:38 -0600 (CST)
From:      Cary Mathews <scattered@babel.acu.edu>
To:        freebsd-questions@freebsd.org
Subject:   ssh'ing into jail(8)  
Message-ID:  <Pine.BSO.4.40.0303111552120.2409-100000@babel.acu.edu>

If this is not the right forum to ask this question, please redirect me to
the correct place, or documentation which addresses this issue.

I am setting up an internal (192.168.x.x) "network" of computers consisting
of jail(8)'d virtual machines. I have set up djbdns to provide DNS service
for this internal network.

I have assigned my 192.168.x.x addresses to the lo0 interface so I don't
have to make major adjustments to my firewall ruleset.

I am able to ping all my internal machines from the host computer. I am
able to do dns lookups using the dns tools provided with djbdns, and the
nslookup and dig tools. So I am confident that name resolution is working.

Within the jailed hosts, I have turned off the portmap, syslogd, sendmail,
and inetd daemons and am running only cron and sshd daemons upon start up.

But when I attempt to ssh into one of the jailed hosts, the connection
times out and reports: "Connection closed by 192.168.1.100".

A partial sockstat reading while the hosts are attempting to connect
shows:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
sshd     sshd     59613    4 tcp4   192.168.1.100:22      192.168.1.100:2604
sshd     sshd     59613    7 udp4   192.168.1.100:2625    192.168.1.1:53
root     sshd     59612    4 tcp4   192.168.1.100:22      192.168.1.100:2604
cary     ssh      59611    3 tcp4   192.168.1.100:2604    192.168.1.100:22

A quick description of the addresses:
150.252.106.57 - external IP address of host computer, also running
dnscache for external lookups
192.168.1.1 - IP address of internal dnscache for 192.168.x.x addresses
192.168.1.100 - IP address of jail(8)'d host
192.168.53.1 - IP address of jail(8)'d tinydns server host

ssh debugging output shows:
[snip initial key-exchange]
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
{and ssh "hangs" here...}

The messages, security, and auth logs under /var/log in the jail'd host
are completely empty.  Under the host machine logs, there is nothing as
well.

I'm at a loss of what else to troubleshoot.  I'm not subscribed to the
list so if you could Cc: me, I would appreciate it.

Thank you in advance for any help offered!

Cary Mathews

