From owner-freebsd-questions@FreeBSD.ORG Mon Apr 14 16:43:10 2014
Message-ID: <534C1050.2060705@tysdomain.com>
Date: Mon, 14 Apr 2014 12:44:00 -0400
From: "Littlefield, Tyler"
To: CyberLeo Kitsana
Cc: freebsd-questions@freebsd.org
Reply-To: tyler@tysdomain.com
Subject: Re: numerous questions: ssh and jails, installation with YASR support, migration, and development
References: <534B24D0.8050903@tysdomain.com> <534B9085.4010300@cyberleo.net>
In-Reply-To: <534B9085.4010300@cyberleo.net>

Hello:
Thanks all for the info, I really appreciate it.

On 4/14/2014 3:38 AM, CyberLeo Kitsana wrote:
> On 04/13/2014 06:59 PM, Littlefield, Tyler wrote:
>> Hello all:
>> I had a few questions. I'm sorry for the long email, but I wanted to
>> lump them all together so I wasn't sending 90 emails.
>>
>> 1) I have a bunch of different jails configured on my BSD system. Right
>> now I have PF doing RDR from port 30000+ to the port on the internal
>> jail IP. Obviously having 90 different ssh ports is a bit messy, is
>> there a way around this? Can I somehow set up SSH on the host to let me
>> log into the jail provided a username and password?
> Not that I've found yet. It might be a good idea to reconsider why you
> need all 90+ jails to be directly accessible via SSH in the first place.
> If you're on the same LAN as the host, you might be able to give each
> jail its own IP address, and just use those. Other options are the use
> of a VPN to grant you an IP in the jails' private subnet, or to use a
> locked down jail as a jump box into that subnet.

I'll explain a bit of what I'm doing. I have a few services I'm offering
that I'm actually developing, so I manage the code through Git. I use SCP
a lot to edit files in production when I -really- need to, but I wanted a
quicker way to jump to dev2 jail and git pull, then reboot the service.
It's a lot easier if I can have direct access and just ssh to do that work
rather than su, switch to the jail, then su to the name.

> A lot of the more specialized jails I run don't even have sshd running;
> I just use jexec to hop into them whenever necessary.
>
>
>
>> 3) I'm starting to migrate my Linode services over to BSD. Is there a
>> way using DNS to migrate web first, then mail? I don't want to shut
>> everything off until I can move web over, make sure it works then move
>> mail. Is there a failsafe solution in case my postfix is broken for the
>> mail to fallback to the Linux server? How have people done this in the
>> past?
> Read up on the DNS MX RRtype for details on how to direct mail for a
> domain to dedicated machines.
>
>> 4) I would really like to start contributing code and patches to
>> FreeBSD. As of right now, I don't have a bsd system at home that I can
>> reinstall and upgrade without having to worry about breaking things. Is
>> there perhaps a way to do an installation over SSH or something so that
>> I can install FreeBSD in a vm? What do people use for development
>> systems? I thought about buying a cheap $10 server from Arpnetworks, but
>> money is a bit tight at the moment for me.
> Virtual machines work great for development, as long as you're not
> developing hardware drivers.
>
> Whatever you choose, just keep in mind that, when hacking the operating
> system itself, at some point you will probably break things to an extent
> that will require console access, if not a live CD, to correct. Using a
> machine for which you have naught but SSH access is risky.
>

I've never had this issue. As it is though, I can't access the console
until I get some sort of speech set up, so I'm happy working through SSH.

-- 
Take care,
Ty
http://tds-solutions.net
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.
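
The jump-box option suggested in the thread, sketched as an added example that is not part of the original messages: the script turns `jls` output into ssh client config stanzas that reach each jail through the host, so only the host's sshd is exposed instead of one rdr port per jail. The jump host name, jail names and addresses are constructed placeholders, and it assumes an OpenSSH client with `ProxyJump` (7.3 or later), sshd running in each jail, and TCP forwarding allowed on the host.

```shell
#!/bin/sh
# Added example (not from the thread): generate ~/.ssh/config stanzas so
# every jail is reached via the jail host acting as a jump box.

JUMP_HOST="jailhost.example.org"   # assumption: public name of the jail host

# Constructed sample in the default `jls` column layout
# (JID, IP address, hostname, path); on a real host pipe `jls` instead.
sample_jls() {
cat <<'EOF'
   JID  IP Address      Hostname                      Path
     1  10.0.0.11       dev1                          /usr/jails/dev1
     2  10.0.0.12       dev2                          /usr/jails/dev2
     3  -               nonet                         /usr/jails/nonet
EOF
}

# Read jls output on stdin, write one Host stanza per jail that has an
# IPv4 address. Rows that do not look like a plain address/hostname pair
# are skipped rather than copied into the config.
gen_ssh_config() {
    awk -v jump="$JUMP_HOST" '
        NR == 1 { next }                                   # header row
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }  # no IPv4 address
        $3 !~ /^[A-Za-z0-9._-]+$/ { next }                 # unexpected hostname
        {
            printf "Host %s\n", $3
            printf "    HostName %s\n", $2
            printf "    ProxyJump %s\n\n", jump
        }'
}

sample_jls | gen_ssh_config
```

With the generated stanzas in `~/.ssh/config`, `ssh dev2` authenticates to the host first and then to the jail's own sshd, and the per-jail rdr rules can be dropped from pf.conf.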