Date: Wed, 7 Dec 2016 21:51:51 +0100
From: Bertram Scharpf <lists@bertram-scharpf.de>
To: freebsd-questions@freebsd.org
Subject: Re: Closed port 22 in the jail redirects to the outer system
Message-ID: <20161207205151.GA12525@becker.bs.l>
In-Reply-To: <alpine.BSF.2.20.1612062144350.55755@funmax.d.net>
References: <20161207002440.GA26711@becker.bs.l> <584765FD.6050901@gmail.com> <alpine.BSF.2.20.1612062144350.55755@funmax.d.net>

On Tuesday, 06. Dec 2016, 22:05:09 -0800, Robroy Gregg wrote:
> Bertram Scharpf wrote:
>
> > How can I make a port 22 request fail if an SSH server is running on the
> > outer machine but not inside the jail?
>
> If I've understood your situation correctly, the idea here's to configure
> the host FreeBSD system's ssh daemon to associate itself only with the
> host system's IP address.
>
> By default, the ssh daemon associates itself with all IP addresses your
> computer's configured to use (host + jails), which leads to the
> fall-through effect you're experiencing when your jail's ssh daemon isn't
> running.

That's exactly what I meant. I don't know why, but I always thought
a jail should grab all requests on its IP and then look up a server
process.

> On the host system, edit /etc/ssh/sshd_config, and add a line like this,
> assuming your host system's IP is 10.0.0.1.
>
> ListenAddress 10.0.0.1

I should have found this myself. Sorry for the noise. Thank you!

Bertram

--
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
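
Added example, not part of the original message or thread: a small shell check that reads a host `sshd_config` and reports whether the host's sshd would also answer on a jail's address, which is the fall-through discussed above. The function names and the jail address 10.0.0.2 are assumptions made for illustration; 10.0.0.1 is the host address used in the thread.

```shell
#!/bin/sh
# Added example: audit which addresses a host sshd_config binds to.
# Handles the "addr", "addr:port" and "[addr]:port" ListenAddress forms.

# Print one bind address per line, or "wildcard" when sshd would listen on
# every address (no ListenAddress line at all, or 0.0.0.0 / :: listed).
sshd_bind_scope() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        tolower($1) == "listenaddress" && NF >= 2 {
            a = $2
            if (a ~ /^\[/) {                     # [addr]:port
                sub(/^\[/, "", a); sub(/\].*$/, "", a)
            } else if (a ~ /^[^:]*:[0-9]+$/) {   # addr:port (not bare IPv6)
                sub(/:[0-9]+$/, "", a)
            }
            if (a == "0.0.0.0" || a == "::") wild = 1
            else addrs[++n] = a
        }
        END {
            if (n == 0 || wild) print "wildcard"
            else for (i = 1; i <= n; i++) print addrs[i]
        }
    ' "$1"
}

# Exit 0 if the host sshd described by config file $1 would accept
# connections addressed to IP $2 (for example a jail's IP).
host_sshd_answers_on() {
    scope=$(sshd_bind_scope "$1")
    [ "$scope" = "wildcard" ] && return 0
    printf '%s\n' "$scope" | grep -Fxq -- "$2"
}

# Constructed sample configs: "default" has no active ListenAddress,
# "pinned" carries the line suggested in the thread.
tmp=$(mktemp -d)
printf '#ListenAddress 0.0.0.0\nPort 22\n' > "$tmp/default"
printf 'Port 22\nListenAddress 10.0.0.1\n' > "$tmp/pinned"
for f in default pinned; do
    if host_sshd_answers_on "$tmp/$f" 10.0.0.2; then
        echo "$f: host sshd answers on jail IP 10.0.0.2"
    else
        echo "$f: host sshd does not listen on jail IP 10.0.0.2"
    fi
done
rm -rf "$tmp"
```

On a running host, `sockstat -4 -l -p 22` shows which addresses sshd is actually bound to after the daemon has been restarted with the new configuration.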