From: maillist bsd
To: Yonatan Bokovza, freebsd-questions@freebsd.org
Cc: bsdmaillist@yahoo.com.hk
Date: Sun, 28 Sep 2003 21:01:38 +0800 (CST)
Subject: RE: My jail can not ssh..
Message-ID: <20030928130138.92688.qmail@web9505.mail.yahoo.com>

Hi all,

What will be the possible problem.. As I make the jail environment with jail script.

jail.sh file

D=/home/jail/192.168.1.1
cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D -DNO_MAKEDEV_RUN
cd $D/dev
sh MAKEDEV jail
cd $D
ln -sf dev/null kernel

#mkdir -p /home/192.168.1.1/stand
#cp /stand/sysinstall /home/192.168.1.1/stand
# jail /home/jail/192.168.1.1 web 192.168.1.1 /bin/sh
#touch /etc/fstab
#vi rc.conf
sendmail_enable="NONE"
sshd_enable="YES"
inetd_enable="YES"
inetd_flags="-wW -a 192.168.1.1"
syslogd_enable="YES"
syslogd_flags="-ss"
portmap_enable="NO"
#vi /etc/resolv.conf
nameserver 1.2.3.4
#passwd root
#pw useradd kinux -g wheel -d /home/kinux -s /bin/csh -m
#/stand/sysinstall -->config -->timezone and configure it is HKT.
#

# jail /home/jail/192.168.1.1 web 192.168.1.1 /bin/sh /etc/rc
Skipping disk checks ...
adjkerntz[38464]: sysctl(put_wallclock): Operation not permitted
Doing initial network setup:.
ifconfig: ioctl (SIOCDIFADDR): permission denied
lo0: flags=8049 mtu 16384
Additional routing options: TCP keepalive=YESsysctl: net.inet.tcp.always_keepalive: Operation not permitted
.
Routing daemons:.
Additional daemons: syslogd.
Doing additional network setup:.
Starting final network daemons: creating ssh1 RSA host key
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
a4:91:9a:b7:92:fe:8b:34:fa:6d:d7:42:a6:d5:77:57 root@web
creating ssh2 RSA host key
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
e2:26:5b:c8:f8:ee:c0:06:12:30:5e:fb:d0:f6:c2:05 root@web
creating ssh2 DSA host key
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
ee:b8:65:eb:e0:6f:0f:6d:dd:e9:3c:52:e0:d4:5d:d6 root@web
.
ELF ldconfig path: /usr/lib /usr/lib/compat
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Starting standard daemons: inetd cron sshd.
Initial rc.i386 initialization:.
Additional ABI support:.
Local package initialization:.
Additional TCP options:.
Sun Sep 28 21:00:24 HKT 2003

# ssh -l kinux 192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
DSA key fingerprint is ee:b8:65:eb:e0:6f:0f:6d:dd:e9:3c:52:e0:d4:5d:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (DSA) to the list of known hosts.
Connection closed by 192.168.1.1

%ps -aux | grep J
kinux 38557 0.0 0.4 1064  540 p1 S+  9:14PM 0:00.00 grep J
root  38498 0.0 0.5  948  632 ?? IsJ 9:00PM 0:00.01 /usr/sbin/syslog
root  38508 0.0 0.5 1044  672 ?? IsJ 9:00PM 0:00.00 /usr/sbin/inetd
root  38510 0.0 0.6 1024  776 ?? IsJ 9:00PM 0:00.01 /usr/sbin/cron
root  38512 0.0 1.6 2592 2016 ?? IsJ 9:00PM 0:00.37 /usr/sbin/sshd

Thanks

Yonatan Bokovza wrote:
> -----Original Message-----
> From: Pat Lashley [mailto:patl+freebsd@volant.org]
> Sent: Tuesday, September 16, 2003 11:18
> To: freebsd-questions@freebsd.org; maillist bsd
> Cc: freebsd-hackers@freebsd.org
> Subject: Re: My jail can not ssh..
>
>
> --On Tuesday, September 16, 2003 09:07:15 +0100 Matthew Seaman wrote:
>
> > On Tue, Sep 16, 2003 at 04:16:31AM +0800, maillist bsd wrote:
> >
> >> I am just testing jail on my FreeBSD4.8-stable box, I found I can not
> >> ssh to the jail environment, but I can telnet to jail environment, the
> >> sshd is running both inside and outside jail. What's the problem.
> >
> > I suspect that your problem is that the sshd(8) in your host and jail
> > environments are both binding to IN_ADDR_ANY. That means both daemons
> > are fighting over the loopback interface (at least).
>
> Another subtle thing that can cause problem is if the jailed SSH
> can't do DNS resolution. Telnet in and run your favorite DNS
> query app (host, dnsip, dig, nslookup, etc.). If it fails, check
> resolv.conf in the jail; and check the access controls on your
> name server

And yet another problem is that ssh needs /dev/[u]random. Try mounting
devfs in the jail's /dev and see if it works for you. The error message
is something along the line of "PRNG not initialized".
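
The three causes raised in this thread (a host sshd bound to every address, no working resolver inside the jail, no /dev/[u]random inside the jail) can be checked statically from the host. The script below is an added example, not part of the original messages; the function name check_jail_ssh, the finding labels and the constructed demo tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): static checks for the three causes
# named above. Usage: check_jail_ssh JAILROOT HOST_SSHD_CONFIG
# Prints one finding per line and returns the number of findings.
check_jail_ssh() {
    root=$1 host_cfg=$2 findings=0

    # 1. sshd needs the random devices inside the jail's own /dev.
    for dev in random urandom; do
        if [ ! -c "$root/dev/$dev" ]; then
            echo "MISSING-DEV $root/dev/$dev is not a character device"
            findings=$((findings + 1))
        fi
    done

    # 2. The jail needs a nameserver entry for sshd's DNS lookups.
    if ! grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' \
            "$root/etc/resolv.conf" 2>/dev/null; then
        echo "NO-RESOLVER $root/etc/resolv.conf has no nameserver entry"
        findings=$((findings + 1))
    fi

    # 3. With no ListenAddress (or a wildcard one) the host sshd binds
    #    every address on the machine, the jail's address included.
    listen=$(awk 'tolower($1) == "listenaddress" { print $2 }' \
        "$host_cfg" 2>/dev/null) || listen=
    if [ -z "$listen" ]; then
        echo "HOST-WILDCARD $host_cfg sets no ListenAddress"
        findings=$((findings + 1))
    fi
    for addr in $listen; do
        case $addr in
            0.0.0.0|0.0.0.0:*|::|\[::\]*)
                echo "HOST-WILDCARD $host_cfg listens on $addr"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: jail tree with a resolver but an empty /dev, and a
# host sshd_config whose only ListenAddress line is commented out.
demo() {
    t=$(mktemp -d) rc=0
    mkdir -p "$t/jail/etc" "$t/jail/dev"
    echo 'nameserver 1.2.3.4' > "$t/jail/etc/resolv.conf"
    printf '#ListenAddress 0.0.0.0\nPort 22\n' > "$t/sshd_config"
    check_jail_ssh "$t/jail" "$t/sshd_config" || rc=$?
    rm -rf "$t"
    return "$rc"
}
```

Run `demo` to see the findings for the constructed tree, or point check_jail_ssh at a real jail root and the host's sshd_config.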