Date: Mon, 14 Apr 2014 12:44:00 -0400
From: "Littlefield, Tyler" <tyler@tysdomain.com>
To: CyberLeo Kitsana <cyberleo@cyberleo.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: numerous questions: ssh and jails, installation with YASR support, migration, and development
Message-ID: <534C1050.2060705@tysdomain.com>
In-Reply-To: <534B9085.4010300@cyberleo.net>
References: <534B24D0.8050903@tysdomain.com> <534B9085.4010300@cyberleo.net>

Hello:
Thanks all for the info, I really appreciate it.

On 4/14/2014 3:38 AM, CyberLeo Kitsana wrote:
> On 04/13/2014 06:59 PM, Littlefield, Tyler wrote:
>> Hello all:
>> I had a few questions. I'm sorry for the long email, but I wanted to
>> lump them all together so I wasn't sending 90 emails.
>>
>> 1) I have a bunch of different jails configured on my BSD system. right
>> now I have PF doing RDR from port 30000+ to the port on the internal
>> jail IP. Obviously having 90 different ssh ports is a bit messy, is
>> there a way around this? Can I somehow set up SSH on the host to let me
>> log into the jail provided a username and password?
> Not that I've found yet. It might be a good idea to reconsider why you
> need all 90+ jails to be directly accessible via SSH in the first place.
> If you're on the same LAN as the host, you might be able to give each
> jail its own IP address, and just use those. Other options are the use
> of a VPN to grant you an IP in the jails' private subnet, or to use a
> locked down jail as a jump box into that subnet.

I'll explain a bit of what I'm doing. I have a few services I'm offering that I'm actually developing, so I manage the code through Git. I use SCP a lot to edit files in production when I -really- need to, but I wanted a quicker way to jump to dev2 jail and git pull, then reboot the service. It's a lot easier if I can have direct access and just ssh to do that work rather than su, switch to the jail, then su to the name.

> A lot of the more specialized jails I run don't even have sshd running;
> I just use jexec to hop into them whenever necessary.
>
> <snip>
>
>> 3) I'm starting to migrate my Linode services over to BSD. Is there a
>> way using DNS to migrate web first, then mail? I don't want to shut
>> everything off until I can move web over, make sure it works then move
>> mail. Is there a failsafe solution in case my postfix is broken for the
>> mail to fallback to the Linux server? How have people done this in the
>> past?
> Read up on the DNS MX RRtype for details on how to direct mail for a
> domain to dedicated machines.
>
>> 4) I would really like to start contributing code and patches to
>> FreeBSD. As of right now, I don't have a bsd system at home that I can
>> reinstall and upgrade without having to worry about breaking things. Is
>> there perhaps a way to do an installation over SSH or something so that
>> I can install FreeBSD in a vm? What do people use for development
>> systems? I thought about buying a cheap $10 server from Arpnetworks, but
>> money is a bit tight at the moment for me.
> Virtual machines work great for development, as long as you're not
> developing hardware drivers.
>
> Whatever you choose, just keep in mind that, when hacking the operating
> system itself, at some point you will probably break things to an extent
> that will require console access, if not a live CD, to correct. Using a
> machine for which you have naught but SSH access is risky.
>

I've never had this issue. As it is though, I can't access the console until I get some sort of speech set up, so I'm happy working through SSH.

-- 
Take care,
Ty
http://tds-solutions.net
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.
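
The "locked down jail as a jump box" option from the quoted reply, sketched as an added OpenSSH configuration example that is not part of the original message. The host name, the 10.0.0.x addresses and the account name `tyler` are constructed for illustration, and it assumes one jail stays reachable through a single PF rdr rule on port 30000.

```sshconfig
# ---- client side: ~/.ssh/config ----
# jailhost.example.org = the FreeBSD host's public name (constructed)
# 10.0.0.0/24          = the jails' private subnet (constructed)

# The only jail still exposed through a PF rdr rule.
Host jump
    HostName jailhost.example.org
    Port 30000
    User tyler

# Jails on the private subnet; none needs its own redirected port.
Host dev1
    HostName 10.0.0.11
Host dev2
    HostName 10.0.0.12

# Reach both through the jump jail. Authentication to dev1/dev2 is still
# end to end: the jump jail only relays the encrypted TCP stream.
Host dev1 dev2
    User tyler
    ProxyJump jump
    # OpenSSH clients older than 7.3 have no ProxyJump; use instead:
    # ProxyCommand ssh -W %h:%p jump

# ---- jump jail: /etc/ssh/sshd_config ----
# The jump jail relays connections and offers nothing else.
PermitRootLogin no
PasswordAuthentication no
AllowUsers tyler

# Allow outbound relaying only, and only to sshd on the listed jails.
AllowTcpForwarding local
PermitOpen 10.0.0.11:22 10.0.0.12:22

# No shell, terminal, agent or X11 on the relay itself.
PermitTTY no
AllowAgentForwarding no
X11Forwarding no
ForceCommand /usr/sbin/nologin
```

With this in place `ssh dev2` and `scp file dev2:` work from the client as if the jail were directly reachable, and adding a jail means one `Host` entry plus one `PermitOpen` target rather than a new rdr rule.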