From: Arthur Chance
To: markham breitbach, freebsd-questions@freebsd.org
Subject: Re: Closed port 22 in the jail redirects to the outer system
Date: Wed, 7 Dec 2016 16:22:29 +0000
Message-ID: <4af43340-9711-d303-e97c-ef6142395010@qeng-ho.org>
References: <20161207002440.GA26711@becker.bs.l>

On 07/12/2016 15:52, markham breitbach wrote:
> On 2016-12-06 5:24 PM, Bertram Scharpf wrote:
>>
>> How can I make a port 22 request fail if an SSH server is
>> running on the outer machine but not inside the jail?
>>
>
> By default sshd on the jail host (outer machine) will bind to all
> available addresses. You can just set the listenAddress for sshd to be
> the IP address that you want it to listen to in /etc/ssh/sshd_config and
> restart sshd.

This is all documented in the "Setting up the Host Environment" section
of the jail(8) man page. It's worth looking at that because other
daemons may be affected.

-- 
Schrödinger's cat had 18 half lives.
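
Added example, not part of the original thread: one way to find which
daemons on the jail host still listen on the wildcard address, by filtering
`sockstat -4 -6 -l` output. The sample listing, the function names and the
address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): list daemons on the jail
# host that listen on the wildcard address, so each can be given an
# explicit bind address (for sshd: ListenAddress in /etc/ssh/sshd_config).

# Constructed sample in the FreeBSD sockstat column layout; 192.0.2.10
# stands in for the host's own address (documentation range).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       714   3  tcp6   *:22                  *:*
root     sshd       714   4  tcp4   *:22                  *:*
root     sendmail   680   3  tcp4   127.0.0.1:25          *:*
root     syslogd    601   7  udp4   *:514                 *:*
www      nginx      822   6  tcp4   192.0.2.10:80         *:*
EOF
}

# Read sockstat -l output on stdin; print "command proto port" for each
# socket whose local address is the wildcard (*), de-duplicated.
wildcard_listeners() {
    awk 'NR > 1 && $6 ~ /^\*:/ {
            n = split($6, a, ":")
            print $2, $5, a[n]
         }' | sort -u
}

# Number of wildcard sockets held by one command name (stdin as above).
wildcard_count() {
    wildcard_listeners | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# On a real host: sockstat -4 -6 -l | wildcard_listeners
sample_sockstat | wildcard_listeners
```

Once a daemon has been bound to a specific address and restarted, it should
no longer appear in this listing.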