From: Cary Mathews
To: freebsd-questions@freebsd.org
Date: Thu, 13 Mar 2003 15:29:18 -0600 (CST)
Subject: ssh'ing into jail(8)

(I sent this two days ago, when I was not subscribed. As I did not get any replies, I have subscribed to freebsd-questions and am resending it.)

If this is not the right forum to ask this question, please redirect me to the correct place, or documentation which addresses this issue.

I am setting up an internal (192.168.x.x) "network" of computers consisting of jail(8)'d virtual machines. I have set up djbdns to provide DNS service for this internal network. I have assigned my 192.168.x.x addresses to the lo0 interface so I don't have to make major adjustments to my firewall ruleset.

I am able to ping all my internal machines from the host computer. I am able to do DNS lookups using the DNS tools provided with djbdns, and the nslookup and dig tools. So I am confident that name resolution is working.

Within the jailed hosts, I have turned off the portmap, syslogd, sendmail, and inetd daemons and am running only cron and sshd daemons upon start up.

But when I attempt to ssh into one of the jailed hosts, the connection times out and reports: "Connection closed by 192.168.1.100".

A partial sockstat reading while the hosts are attempting to connect shows:

    USER  COMMAND  PID    FD  PROTO  LOCAL ADDRESS        FOREIGN ADDRESS
    sshd  sshd     59613  4   tcp4   192.168.1.100:22     192.168.1.100:2604
    sshd  sshd     59613  7   udp4   192.168.1.100:2625   192.168.1.1:53
    root  sshd     59612  4   tcp4   192.168.1.100:22     192.168.1.100:2604
    cary  ssh      59611  3   tcp4   192.168.1.100:2604   192.168.1.100:22

A quick description of the addresses:

    150.252.106.57 - external IP address of host computer, also running dnscache for external lookups
    192.168.1.1    - IP address of internal dnscache for 192.168.x.x addresses
    192.168.1.100  - IP address of jail(8)'d host
    192.168.53.1   - IP address of jail(8)'d tinydns server host

ssh debugging output shows:

    [snip initial key-exchange]
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    {and ssh "hangs" here... Actually waits and eventually times out.}

The messages, security, and auth logs under /var/log in the jail'd host are completely empty. Under the host machine logs, there is nothing as well.

I'm at a loss of what else to troubleshoot.

Thank you in advance for any help offered!

Cary Mathews