From owner-freebsd-questions@freebsd.org Fri Dec 23 21:16:08 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C3787C8E093 for ; Fri, 23 Dec 2016 21:16:08 +0000 (UTC) (envelope-from doug@safeport.com) Received: from cyrus.watson.org (cyrus.watson.org [198.74.231.69]) by mx1.freebsd.org (Postfix) with ESMTP id A0EE1DA9 for ; Fri, 23 Dec 2016 21:16:08 +0000 (UTC) (envelope-from doug@safeport.com) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 4629E46FD3; Fri, 23 Dec 2016 16:16:03 -0500 (EST) Received: from fledge.watson.org (doug@localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.15.2/8.15.2) with ESMTP id uBNLG2Qw007717; Fri, 23 Dec 2016 16:16:03 -0500 (EST) (envelope-from doug@safeport.com) Received: from localhost (doug@localhost) by fledge.watson.org (8.15.2/8.15.2/Submit) with ESMTP id uBNLG2Jv007714; Fri, 23 Dec 2016 16:16:02 -0500 (EST) (envelope-from doug@safeport.com) X-Authentication-Warning: fledge.watson.org: doug owned process doing -bs Date: Fri, 23 Dec 2016 16:16:02 -0500 (EST) From: doug@safeport.com X-X-Sender: doug@fledge.watson.org Reply-To: doug@fledge.watson.org To: byrnejb@harte-lyne.ca cc: Ernie Luzar , freebsd-questions@freebsd.org Subject: Re: IP address assignments to jails using ezjail In-Reply-To: <2390554002144fa9a925e1f8bed14466.squirrel@webmail.harte-lyne.ca> Message-ID: References: <585C993B.7040805@gmail.com> <2390554002144fa9a925e1f8bed14466.squirrel@webmail.harte-lyne.ca> User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (fledge.watson.org [127.0.0.1]); Fri, 23 Dec 2016 16:16:03 -0500 (EST) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Dec 2016 21:16:08 -0000 On Fri, 23 Dec 2016, James B. Byrne via freebsd-questions wrote: > > On Thu, December 22, 2016 22:25, Ernie Luzar wrote: > >> >> 3. Take ubound out of the mix by not starting that jail. Then use only >> ip addresses in your host to jail ssh command. >> >> 4. What is output of issuing host ssh command to a jail? Does host >> answer? >> > > Inbound ssh to the jail works: > > $ ssh -vv 192.168.216.196 > OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to 192.168.216.196 [192.168.216.196] port 22. > debug1: Connection established. > . . . > Password for user1@hlldrupal: > > > Outbound ssh from the jail does not: > > > # ssh -vv 192.168.216.22 > OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016 > debug1: Reading configuration data /etc/ssh/ssh_config > debug2: resolving "192.168.216.22" port 22 > debug2: ssh_connect_direct: needpriv 0 > debug1: Connecting to 192.168.216.22 [192.168.216.22] port 22. > debug1: connect to address 192.168.216.22 port 22: Operation timed out > ssh: connect to host 192.168.216.22 port 22: Operation timed out > > > There is no firewall running on either the jail or the jail host. Can you ssh from the host?