From: Matthew Seaman
Date: Sun, 23 Dec 2012 14:46:25 +0000
To: Fbsd8
Subject: Re: how to configure host login account to use jail?
Cc: Damien Fleuriot, FreeBSD Questions

On 23/12/2012 13:11, Fbsd8 wrote:
> Ok but as my question asks, how do you configure things
> to get that to work? I am after the details.

You need to run an instance of sshd in each jail. Because sshd defaults
to binding to INADDR_ANY, you need to modify the sshd configuration in
the host system, so it binds to a specific address, otherwise it will
likely block out the jailed sshd's:

    ListenAddress 192.0.2.1
    ListenAddress 2001:DB8::1
    ListenAddress 127.0.0.1
    ListenAddress ::1

sshd in the jails doesn't need any similar configuration change.

You don't need user accounts in your host system for the jail users --
each jail can have its own passwd file etc. However, it can be useful
to make sure that UID numbers for regular users in host and jails don't
overlap.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
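
A check for the two points in the reply above, as an added example that is not part of the original message: whether a host sshd_config still leaves sshd on the wildcard address, and whether regular-user UIDs overlap between a host and a jail passwd file. The function names, the UID >= 1000 cut-off and the sample files are assumptions.

```sh
#!/bin/sh
# Added example; the sample files built in the demo at the bottom are constructed.

# Succeeds (exit 0) if this sshd_config leaves sshd on the wildcard address:
# no active ListenAddress line (the INADDR_ANY default), or an explicit
# 0.0.0.0, :: or * entry, with or without a port. Simplified parser (assumption):
# "Keyword value" lines only, no quoting, no Include files.
binds_wildcard() {
    awk '
        tolower($1) == "listenaddress" {
            seen = 1; addr = $2
            sub(/^\[/, "", addr); sub(/\](:[0-9]+)?$/, "", addr)      # [::]:22 -> ::
            if (addr ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", addr)  # 0.0.0.0:22 -> 0.0.0.0
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
        }
        END { exit ((seen && !wild) ? 1 : 0) }
    ' "$1"
}

# Prints "uid host_user jail_user" for every regular-user UID found in both
# passwd files. Assumption: "regular" means UID >= 1000 and not 65534 (nobody).
uid_overlap() {
    awk -F: '
        /^#/ || NF < 3 || $3 < 1000 || $3 == 65534 { next }
        FILENAME == ARGV[1] { host[$3] = $1; next }
        ($3 in host) { print $3, host[$3], $1 }
    ' "$1" "$2"
}

# Demo on constructed files (hypothetical users alice, www, bob).
d=$(mktemp -d)
printf '%s\n' '#ListenAddress 0.0.0.0' 'Port 22' > "$d/stock.conf"
printf '%s\n' 'ListenAddress 192.0.2.1' 'ListenAddress 2001:DB8::1' \
    'ListenAddress 127.0.0.1' 'ListenAddress ::1' > "$d/host.conf"
printf '%s\n' 'root:*:0:0::/root:/bin/sh' \
    'alice:*:1001:1001::/home/alice:/bin/sh' > "$d/host.passwd"
printf '%s\n' 'root:*:0:0::/root:/bin/sh' 'www:*:1001:1001::/home/www:/bin/sh' \
    'bob:*:1002:1002::/home/bob:/bin/sh' > "$d/jail.passwd"
for f in stock host; do
    if binds_wildcard "$d/$f.conf"; then echo "$f.conf: wildcard bind"
    else echo "$f.conf: specific addresses only"; fi
done
uid_overlap "$d/host.passwd" "$d/jail.passwd" | sed 's/^/overlapping UID: /'
rm -rf "$d"
```

On a live host, point binds_wildcard at /etc/ssh/sshd_config and uid_overlap at /etc/passwd and the passwd file under the jail's root directory.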