From owner-freebsd-questions@freebsd.org  Tue Dec 11 18:48:16 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 086C7130E826
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Tue, 11 Dec 2018 18:48:16 +0000 (UTC)
 (envelope-from peter@boosten.org)
Received: from smtpq2.mnd.mail.iss.as9143.net (smtpq2.mnd.mail.iss.as9143.net
 [212.54.34.165])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9696385703
 for <freebsd-questions@freebsd.org>; Tue, 11 Dec 2018 18:48:14 +0000 (UTC)
 (envelope-from peter@boosten.org)
Received: from [212.54.34.120] (helo=smtp12.mnd.mail.iss.as9143.net)
 by smtpq2.mnd.mail.iss.as9143.net with esmtp (Exim 4.86_2)
 (envelope-from <peter@boosten.org>)
 id 1gWn4g-0005aW-CV; Tue, 11 Dec 2018 19:48:06 +0100
Received: from 5419f71f.cm-5-2d.dynamic.ziggo.nl ([84.25.247.31]
 helo=ra.boosten.org)
 by smtp12.mnd.mail.iss.as9143.net with esmtp (Exim 4.86_2)
 (envelope-from <peter@boosten.org>)
 id 1gWn4g-0008Rb-AA; Tue, 11 Dec 2018 19:48:06 +0100
Received: from anubis.egypt.nl (anubis.egypt.nl [192.168.13.33])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by ra.boosten.org (Postfix) with ESMTPSA id 347153432F38;
 Tue, 11 Dec 2018 19:48:04 +0100 (CET)
Subject: Re: frebsd jails advice
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Peter Boosten <peter@boosten.org>
X-Priority: 3 (Normal)
In-Reply-To: <109f3022fa5d61d76e455571461e30a1.squirrel@webmail.harte-lyne.ca>
Date: Tue, 11 Dec 2018 19:48:01 +0100
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Message-Id: <384E2084-FF12-40BA-8A8D-61F3037FB6CD@boosten.org>
References: <mailman.100.1544443202.53946.freebsd-questions@freebsd.org>
 <c63903580701769959df71f117923b5a.squirrel@webmail.harte-lyne.ca>
 <b2a80245-49c1-0300-f76e-8bb70401d4f9@netfence.it>
 <109f3022fa5d61d76e455571461e30a1.squirrel@webmail.harte-lyne.ca>
To: byrnejb@harte-lyne.ca
X-Mailer: Apple Mail (2.3124)
X-SourceIP: 84.25.247.31
X-Ziggo-spambar: /
X-Ziggo-spamscore: 0.0
X-Ziggo-spamreport: CMAE Analysis: v=2.3 cv=E/qzWpVl c=1 sm=1 tr=0
 a=JWBJsaPp29SgP5DpYRBqZw==:17 a=2ur7OfE09M0A:10 a=6I5d2MoRAAAA:8
 a=iiPJHsPlw-C43MUCFLIA:9 a=QEXdDO2ut3YA:10 a=2w6hk7r1atEC1ZaUyEsA:9
 a=il-QagPA0zMTJA9o:21 a=_W_S_7VecoQA:10 a=IjZwj45LgO3ly-622nXo:22
X-Ziggo-Spam-Status: No
X-Spam-Status: No
X-Spam-Flag: No
X-Rspamd-Queue-Id: 9696385703
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
 spf=neutral (mx1.freebsd.org: 212.54.34.165 is neither permitted nor denied by
 domain of peter@boosten.org) smtp.mailfrom=peter@boosten.org
X-Spamd-Result: default: False [-0.25 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_NEUTRAL(0.00)[?all];
 FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 MIME_TRACE(0.00)[0:+,1:+]; DMARC_NA(0.00)[boosten.org];
 TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 MX_GOOD(-0.01)[boosten.dyndns.org]; RCPT_COUNT_TWO(0.00)[2];
 HAS_X_PRIO_THREE(0.00)[3]; NEURAL_HAM_SHORT(-0.54)[-0.537,0];
 RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[];
 RCVD_IN_DNSWL_LOW(-0.10)[165.34.54.212.list.dnswl.org : 127.0.5.1];
 R_DKIM_NA(0.00)[];
 ASN(0.00)[asn:33915, ipnet:212.54.32.0/20, country:NL];
 MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.00)[country: NL(0.01)];
 RECEIVED_SPAMHAUS_PBL(0.00)[31.247.25.84.zen.spamhaus.org : 127.0.0.11]
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2018 18:48:16 -0000

> On 11 Dec 2018, at 17:32, James B. Byrne via freebsd-questions =
<freebsd-questions@freebsd.org> wrote:
> [SNIP]

> [root@hll124 ~]# gvim
>=20
> X11 connection rejected because of wrong authentication.

> [SNIP]
>> What about ssh_config and sshd_config?
> Both the client host and the jail have pretty much the same settings.
>=20
> # Local overrides
> AllowTcpForwarding yes
> Banner /etc/ssh/ssh_pre_logon.txt
> GatewayPorts yes
> IgnoreRhosts yes
> IgnoreUserKnownHosts no
> KeepAlive yes
> LoginGraceTime 60
> PermitEmptyPasswords no
> PermitRootLogin without-password
> PrintMotd yes
> PubkeyAuthentication yes
> StrictModes yes
> ChallengeResponseAuthentication no
> MaxAuthTries 6
> PasswordAuthentication yes
> Protocol 2
>=20

What=E2=80=99s the setting of X11UseLocalhost in /etc/ssh/sshd_config on =
the jail?
You should set it to =E2=80=98NO=E2=80=99, because jails and localhost =
do not play together very nice.

Peter=