From: Jon Disnard
Date: Sun, 27 Jul 2003 16:28:44 -0500
To: Pat Lashley
cc: current@freebsd.org
Subject: Re: SSH from host to jail
Message-ID: <3F24440C.1000005@linuxpowered.com>
In-Reply-To: <1454962704.1059337526@mccaffrey.phoenix.volant.org>

Pat Lashley wrote:

> I'm trying to set up some jails in a 5.1R system. I've pretty much
> copied a setup that was working fine in 4.8; but on 5.1 I can't seem
> to SSH from the host system into one of its jails. It acts like the
> packets just aren't getting through.
>
> I would really appreciate it if somebody would send me rc.conf fragments
> that are known to work for setting up a jail's IP alias and routing on
> 5.1.

Sure, but this isn't going to fix your problem:

    ifconfig_wi0="inet 192.168.0.140 netmask 255.255.255.0"
    ifconfig_wi0_alias0="inet 192.168.0.131 netmask 255.255.255.255"
    jail_enable="YES"
    jail_list="shiba"
    jail_shiba_hostname="shiba"
    jail_shiba_ip="192.168.0.131"
    jail_shiba_rootdir="/usr/prison/192_168_0_130/"
    jail_shiba_exec="/bin/sh /etc/rc"

To fix your problem you should try to mount a devfs for the jail so the
tty device is available for sshd to open when you log in. I simply added
one line to my /etc/rc.d/jail script to test for the "dev" mount-point
in the jail. Like so:

    [ -d "${jail_rootdir}/dev" ] && mount -t devfs devfs "${jail_rootdir}/dev"

I suppose we could avoid this little faux pas in the future by adding a
new jail-specific rc.conf var like this example:

    jail_shiba_devfs="/usr/prison/192_168_0_130/dev"

It could be easy to have it simply exist, or be non-null, to imply a
desire for devfs, and further checked for the existence of the
mount-point as I wrote above. I could have a pr+patch made in 5 minutes
if anybody thinks this is not a bad idea?

-Jon
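
Added example (not part of the message above and not the FreeBSD rc.d/jail
script): a sh sketch of the proposed handling, where a non-null
jail_<name>_devfs requests devfs and the mount-point is checked before
mounting. The function names and JAIL_MOUNT_CMD are hypothetical; jail_list
and the jail_<name>_devfs naming follow the message.

```shell
#!/bin/sh
# Added example: sketch of the proposed jail_<name>_devfs rc.conf handling.
# jail_mount_devfs, jail_mount_all_devfs and JAIL_MOUNT_CMD are hypothetical
# names chosen for this illustration.

# Command used to mount; point it at a stub for a dry run.
: "${JAIL_MOUNT_CMD:=mount}"

# jail_mount_devfs NAME
# Returns 0 if devfs was mounted or was not requested for this jail,
# 1 if it was requested but the mount-point is missing,
# 2 if NAME cannot safely be used as part of a variable name.
jail_mount_devfs()
{
    _name=$1
    # NAME is spliced into a variable name and passed to eval, so reject
    # anything that is not a plain identifier character first.
    case $_name in
        ''|*[!A-Za-z0-9_]*)
            echo "jail: invalid jail name '$_name'" >&2
            return 2 ;;
    esac
    eval "_devdir=\"\${jail_${_name}_devfs:-}\""

    # Unset or empty means no devfs was asked for.
    [ -n "$_devdir" ] || return 0

    if [ ! -d "$_devdir" ]; then
        echo "jail: $_name: devfs mount-point $_devdir does not exist" >&2
        return 1
    fi
    $JAIL_MOUNT_CMD -t devfs devfs "$_devdir"
}

# Walk jail_list the way the rc script handles each configured jail.
# Returns 1 if any jail's devfs could not be mounted, 0 otherwise.
jail_mount_all_devfs()
{
    _rc=0
    for _j in ${jail_list:-}; do
        jail_mount_devfs "$_j" || _rc=1
    done
    return $_rc
}
```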