From owner-freebsd-hackers@FreeBSD.ORG  Sat Nov 12 13:53:21 2005
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: freebsd-hackers@freebsd.org
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7AF5416A41F
	for <freebsd-hackers@freebsd.org>; Sat, 12 Nov 2005 13:53:21 +0000 (GMT)
	(envelope-from albi@scii.nl)
Received: from post-25.mail.nl.demon.net (post-25.mail.nl.demon.net
	[194.159.73.195])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 07EEA43D49
	for <freebsd-hackers@freebsd.org>; Sat, 12 Nov 2005 13:53:20 +0000 (GMT)
	(envelope-from albi@scii.nl)
Received: from aseed.demon.nl ([83.160.138.119]:9985
	helo=mail.aseed.antenna.nl)
	by post-25.mail.nl.demon.net with esmtp (Exim 4.51)
	id 1Eavog-000L8H-MA
	for freebsd-hackers@freebsd.org; Sat, 12 Nov 2005 13:53:14 +0000
Received: from http.aseed.antenna.nl (http.aseed.antenna.nl [192.168.0.50])
	by mail.aseed.antenna.nl (Postfix) with ESMTP id 35283154FCC
	for <freebsd-hackers@freebsd.org>; Sat, 12 Nov 2005 14:56:06 +0100 (CET)
Received: from localhost.localdomain (217-19-30-147.dsl.cambrium.nl
	[217.19.30.147])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by http.aseed.antenna.nl (Postfix) with ESMTP id 4A1065B4E32
	for <freebsd-hackers@freebsd.org>; Sat, 12 Nov 2005 14:57:24 +0100 (CET)
Date: Sat, 12 Nov 2005 14:52:56 +0100
From: albi <albi@scii.nl>
To: freebsd-hackers@freebsd.org
Message-Id: <20051112145256.32764aa4.albi@scii.nl>
In-Reply-To: <20051112134351.28756.qmail@web60325.mail.yahoo.com>
References: <20051112133842.28195.qmail@web60325.mail.yahoo.com>
	<20051112134351.28756.qmail@web60325.mail.yahoo.com>
X-Mailer: Sylpheed version 2.1.1 (GTK+ 2.8.6; i486-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: SSH From within a Jail
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Nov 2005 13:53:21 -0000

On Sat, 12 Nov 2005 05:43:51 -0800 (PST)
d c <casteld73@yahoo.com> wrote:

> here is the rsult from using -v.  THis should help.
> 
> ns1# ssh -v 10.0.0.60
> OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25
> Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to 10.0.0.60 [10.0.0.60] port 22.
-- cut --
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: read_passphrase: can't open /dev/tty: Device
> busy
> Host key verification failed.
> 
> I just don't understand how to fix "can't open
> /dev/tty"

how do you start the jail(s) and how do you deal with /dev in the jail
(s) ?

here's my relevant part in /etc/rc.conf of my host-system on a 5.4-REL
machine as a working example :

jail_enable="YES"
jail_socket_unixiproute_only="YES"
jail_sysvipc_allow="NO"
jail_list="ssh build mail http https"
jail_set_hostname_allow="NO"

#
jail_build_rootdir="/usr/jails/build"
jail_build_hostname="build.mydomain.org"
jail_build_ip="192.168.100.100"
jail_build_exec="/bin/sh /etc/rc"
jail_build_devfs_enable="YES"
jail_build_devfs_ruleset="devfsrules_jail"


-- 
grtjs, albi
gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import