Date: Sun, 23 Dec 2012 10:27:18 -0500 From: Fbsd8 <fbsd8@a1poweruser.com> To: Matthew Seaman <matthew@FreeBSD.org> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: how to configure host login account to use jail? Message-ID: <50D722D6.5070001@a1poweruser.com> In-Reply-To: <50D71941.10306@FreeBSD.org> References: <50D66FEF.5040105@a1poweruser.com> <7B1B77F2-A104-4796-996B-DA5B8D448D54@my.gd> <50D702F6.6010408@a1poweruser.com> <50D71941.10306@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman wrote: > On 23/12/2012 13:11, Fbsd8 wrote: >> Ok but as my question asks, how do you configure things >> to get that to work? I am after the details. > > You need to run an instance of sshd in each jail. Because sshd defaults > to binding to INADDR_ANY, you need to modify the sshd configuration in > the host system, so it binds to a specific address, otherwise it will > likely block out the jailed sshd's: > > ListenAddress 192.0.2.1 > ListenAddress 2001:DB8::1 > ListenAddress 127.0.0.1 > ListenAddress ::1 > > sshd in the jails doesn't need any similar configuration change. > > You don't need user accounts in your host system for the jail users -- > each jail can have it's own passwd file etc. However, it can be useful > to make sure that UID numbers for regular users in host and jails don't > overlap. > > Cheers, > > Matthew > > What does the remote ssh login command look like? ssh on the host does not use the standard port 22. It uses 2299 instead. this stopped all the ssh break-in attempts.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50D722D6.5070001>