From owner-freebsd-questions@FreeBSD.ORG Tue Apr 15 00:12:04 2014
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
  (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
  (No client certificate requested)
  by hub.freebsd.org (Postfix) with ESMTPS id 5A0301ED;
  Tue, 15 Apr 2014 00:12:04 +0000 (UTC)
Received: from mail.cyberleo.net (mtumishi.cyberleo.net [216.226.128.201])
  by mx1.freebsd.org (Postfix) with ESMTP id 379AA1D8A;
  Tue, 15 Apr 2014 00:12:03 +0000 (UTC)
Received: from [172.16.44.4] (vitani.den.cyberleo.net [216.80.73.130])
  by mail.cyberleo.net (Postfix) with ESMTPSA id 41753645A;
  Mon, 14 Apr 2014 20:11:55 -0400 (EDT)
Message-ID: <534C7936.2010504@cyberleo.net>
Date: Mon, 14 Apr 2014 19:11:34 -0500
From: CyberLeo Kitsana
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: tyler@tysdomain.com
Subject: Re: numerous questions: ssh and jails, installation with YASR support, migration, and development
References: <534B24D0.8050903@tysdomain.com> <534B9085.4010300@cyberleo.net> <534C1050.2060705@tysdomain.com>
In-Reply-To: <534C1050.2060705@tysdomain.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions
X-List-Received-Date: Tue, 15 Apr 2014 00:12:04 -0000

On 04/14/2014 11:44 AM, Littlefield, Tyler wrote:
> Hello:
> Thanks all for the info, I really appreciate it.
>
> On 4/14/2014 3:38 AM, CyberLeo Kitsana wrote:
>> On 04/13/2014 06:59 PM, Littlefield, Tyler wrote:
>>> Hello all:
>>> I had a few questions. I'm sorry for the long email, but I wanted to
>>> lump them all together so I wasn't sending 90 emails.
>>>
>>> 1) I have a bunch of different jails configured on my BSD system. Right
>>> now I have PF doing RDR from port 30000+ to the port on the internal
>>> jail IP. Obviously having 90 different ssh ports is a bit messy; is
>>> there a way around this? Can I somehow set up SSH on the host to let me
>>> log into the jail provided a username and password?
>> Not that I've found yet. It might be a good idea to reconsider why you
>> need all 90+ jails to be directly accessible via SSH in the first place.
>> If you're on the same LAN as the host, you might be able to give each
>> jail its own IP address, and just use those. Other options are the use
>> of a VPN to grant you an IP in the jails' private subnet, or to use a
>> locked-down jail as a jump box into that subnet.
>
> I'll explain a bit of what I'm doing. I have a few services I'm offering
> that I'm actually developing, so I manage the code through Git. I use
> SCP a lot to edit files in production when I -really- need to, but I
> wanted a quicker way to jump to the dev2 jail and git pull, then reboot the
> service. It's a lot easier if I can have direct access and just ssh to
> do that work rather than su, switch to the jail, then su to the name.

This is possible using a jumpbox and exploiting the ProxyCommand SSH
directive. Here's an example of my .ssh/config:

----8<----
Host den
    HostName den.cyberleo.net
    User cyberleo

Host hidden
    HostName hidden.den.cyberleo.net
    User cyberleo
    ForwardAgent yes
    Compression yes
    ProxyCommand ssh den nc %h %p 2>&-
----8<----

From my command line, invoking 'ssh hidden' works just as if I were on the
same subnet, as it tunnels the TCP connection through the jumpbox's SSH
connection. Works with anything that uses SSH, too, like sftp, scp, and
git.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net

Furry Peace! - http://www.fur.com/peace/