Date: Tue, 6 Dec 2016 22:05:09 -0800 (PST)
From: Robroy Gregg <robroy@robroygregg.com>
To: lists@bertram-scharpf.de
Cc: freebsd-questions@freebsd.org
Subject: Re: Closed port 22 in the jail redirects to the outer system
Message-ID: <alpine.BSF.2.20.1612062144350.55755@funmax.d.net>
In-Reply-To: <584765FD.6050901@gmail.com>
References: <20161207002440.GA26711@becker.bs.l> <584765FD.6050901@gmail.com>

Good day Bertram,

Bertram Scharpf wrote:

> How can I make a port 22 request fail if an SSH server is running on the
> outer machine but not inside the jail?

If I've understood your situation correctly, the idea here's to configure
the host FreeBSD system's ssh daemon to associate itself only with the host
system's IP address. By default, the ssh daemon associates itself with all
IP addresses your computer's configured to use (host + jails), which leads
to the fall-through effect you're experiencing when your jail's ssh daemon
isn't running.

On the host system, edit /etc/ssh/sshd_config, and add a line like this,
assuming your host system's IP is 10.0.0.1.

    ListenAddress 10.0.0.1

Once the host system's ssh daemon has been re-started, it'll associate
itself only with 10.0.0.1, instead of its default (0.0.0.0, which will match
everything--including the IPs used by jails).

Happiness to you Bertram,

Robroy
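
A way to verify the result of the change described in the message above, as an added example that is not part of the original e-mail: the functions below read `sockstat -4 -l` style output and flag any TCP listener still bound to the wildcard address on a given port. The function names (`wildcard_listeners`, `port_is_pinned`, `report`) are hypothetical, and the sockstat lines are constructed samples, not captured output.

```sh
#!/bin/sh
# Added example, not from the original message.
# Reads `sockstat -4 -l` style output on stdin and prints "COMMAND PID" for
# every TCP listener bound to the wildcard address (*:PORT). On a jail host
# such a socket also answers on the jails' IP addresses.
wildcard_listeners() {
    awk -v port="$1" '$5 ~ /^tcp/ && $6 == ("*:" port) { print $2, $3 }'
}

# Exit status 0 when nothing is wildcard-bound on the port, 1 otherwise.
port_is_pinned() {
    [ -z "$(wildcard_listeners "$1")" ]
}

# Constructed sample: host sshd with no ListenAddress line.
BEFORE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       717   4  tcp4   *:22                  *:*
root     sendmail   701   3  tcp4   127.0.0.1:25          *:*'

# Constructed sample: after "ListenAddress 10.0.0.1" and an sshd restart.
AFTER='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       902   4  tcp4   10.0.0.1:22           *:*
root     sendmail   701   3  tcp4   127.0.0.1:25          *:*'

# Print a one-line verdict for a labelled sample.
report() {
    if printf '%s\n' "$2" | port_is_pinned 22; then
        echo "$1: port 22 is bound to specific addresses only"
    else
        echo "$1: wildcard listener on port 22: $(printf '%s\n' "$2" | wildcard_listeners 22)"
    fi
}

report before "$BEFORE"
report after "$AFTER"
```

On a live host the same check is `sockstat -4 -l | wildcard_listeners 22`, run on the host system rather than inside the jail.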