From: Bertram Scharpf
To: freebsd-questions@freebsd.org
Date: Wed, 7 Dec 2016 01:24:40 +0100
Subject: Closed port 22 in the jail redirects to the outer system
Message-ID: <20161207002440.GA26711@becker.bs.l>

Hi,

I'm fed up with my log files being polluted by failing SSH login
attempts. I disabled password authentication totally so there's not
really a security problem, but it's annoying. Using a higher port
number only helps for a while. All I want to do is to log in myself
from remote.

Now I tried to do the following: A jail runs an HTTP server with
several subpages. One of them asks for a password and then starts an
SSH daemon that accepts just one connection and closes afterwards.
From inside the jail I can then ssh to the outer machine.

But: As long as the SSH daemon inside the jail doesn't run, the port
22 request gets caught by the outer system and again I get my logfiles
polluted.

How can I make a port 22 request fail if an SSH server is running on
the outer machine but not inside the jail?

Thanks in advance.

Bertram

-- 
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
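
An added example, not part of the original message: jail(8) notes that a host service bound to all local addresses may answer requests sent to a jail's address when the jail has not bound that port. The script below checks `sockstat -4 -l` style output for that condition; the addresses 192.0.2.10 (host) and 192.0.2.20 (jail) and both listener samples are constructed assumptions, and `who_answers` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample: host sshd bound to every local address (wildcard).
SAMPLE_WILDCARD='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       712   4  tcp4   *:22                  *:*
www      httpd      1533  3  tcp4   192.0.2.20:80         *:*'

# Constructed sample: host sshd bound to the host address only
# (what an sshd_config ListenAddress entry for 192.0.2.10 would produce).
SAMPLE_BOUND='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       712   4  tcp4   192.0.2.10:22         *:*
www      httpd      1533  3  tcp4   192.0.2.20:80         *:*'

# who_answers ADDR PORT
# Reads sockstat listener lines on stdin and prints the listener that would
# receive a TCP connection to ADDR:PORT, or "refused" if no listener matches.
# A listener bound to the exact address wins over a wildcard (*) listener.
who_answers() {
    awk -v addr="$1" -v port="$2" '
        $1 == "USER"  { next }                 # header line
        $5 !~ /^tcp4/ { next }                 # only IPv4 TCP listeners
        {
            n = split($6, part, ":")
            lport = part[n]
            laddr = substr($6, 1, length($6) - length(lport) - 1)
            if (lport != port) next
            desc = $2 " pid " $3 " (" $6 ")"
            if (laddr == addr)     exact = desc
            else if (laddr == "*") wild  = desc
        }
        END {
            if (exact != "")     print exact
            else if (wild != "") print wild
            else                 print "refused"
        }'
}

# Connection to the jail address on port 22 while no sshd runs in the jail.
echo "wildcard host sshd: $(printf '%s\n' "$SAMPLE_WILDCARD" | who_answers 192.0.2.20 22)"
echo "bound host sshd:    $(printf '%s\n' "$SAMPLE_BOUND" | who_answers 192.0.2.20 22)"
```

On a live system, the input would come from `sockstat -4 -l` run on the host instead of the embedded samples.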