Date: Sun, 28 Sep 2003 21:01:38 +0800 (CST)
From: maillist bsd <bsdmaillist@yahoo.com.hk>
To: Yonatan Bokovza <Yonatan@xpert.com>, freebsd-questions@freebsd.org
Cc: bsdmaillist@yahoo.com.hk
Subject: RE: My jail can not ssh..
Message-ID: <20030928130138.92688.qmail@web9505.mail.yahoo.com>
In-Reply-To: <C2DC75EEA405354AA9C03EF5CB8CDE089AAB71@exchange.xpert.com>

Hi all,

What will be the possible problem.. As I make the jail environment with jail script.

jail.sh file

D=/home/jail/192.168.1.1
cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D -DNO_MAKEDEV_RUN
cd $D/dev
sh MAKEDEV jail
cd $D
ln -sf dev/null kernel
#mkdir -p /home/192.168.1.1/stand
#cp /stand/sysinstall /home/192.168.1.1/stand

# jail /home/jail/192.168.1.1 web 192.168.1.1 /bin/sh
#touch /etc/fstab
#vi rc.conf
sendmail_enable="NONE"
sshd_enable="YES"
inetd_enable="YES"
inetd_flags="-wW -a 192.168.1.1"
syslogd_enable="YES"
syslogd_flags="-ss"
portmap_enable="NO"

#vi /etc/resolv.conf
nameserver 1.2.3.4

#passwd root
#pw useradd kinux -g wheel -d /home/kinux -s /bin/csh -m
#/stand/sysinstall -->config -->timezone and configure it is HKT.
#
# jail /home/jail/192.168.1.1 web 192.168.1.1 /bin/sh /etc/rc
Skipping disk checks ...
adjkerntz[38464]: sysctl(put_wallclock): Operation not permitted
Doing initial network setup:.
ifconfig: ioctl (SIOCDIFADDR): permission denied
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
Additional routing options: TCP keepalive=YESsysctl: net.inet.tcp.always_keepalive: Operation not permitted
.
Routing daemons:.
Additional daemons: syslogd.
Doing additional network setup:.
Starting final network daemons: creating ssh1 RSA host key
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
a4:91:9a:b7:92:fe:8b:34:fa:6d:d7:42:a6:d5:77:57 root@web
 creating ssh2 RSA host key
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
e2:26:5b:c8:f8:ee:c0:06:12:30:5e:fb:d0:f6:c2:05 root@web
 creating ssh2 DSA host key
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
ee:b8:65:eb:e0:6f:0f:6d:dd:e9:3c:52:e0:d4:5d:d6 root@web
.
ELF ldconfig path: /usr/lib /usr/lib/compat
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Starting standard daemons: inetd cron sshd.
Initial rc.i386 initialization:.
Additional ABI support:.
Local package initialization:.
Additional TCP options:.
Sun Sep 28 21:00:24 HKT 2003

# ssh -l kinux 192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
DSA key fingerprint is ee:b8:65:eb:e0:6f:0f:6d:dd:e9:3c:52:e0:d4:5d:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (DSA) to the list of known hosts.
Connection closed by 192.168.1.1

%ps -aux | grep J
kinux 38557 0.0 0.4 1064 540 p1 S+ 9:14PM 0:00.00 grep J
root 38498 0.0 0.5 948 632 ?? IsJ 9:00PM 0:00.01 /usr/sbin/syslog
root 38508 0.0 0.5 1044 672 ?? IsJ 9:00PM 0:00.00 /usr/sbin/inetd
root 38510 0.0 0.6 1024 776 ?? IsJ 9:00PM 0:00.01 /usr/sbin/cron
root 38512 0.0 1.6 2592 2016 ?? IsJ 9:00PM 0:00.37 /usr/sbin/sshd

Thanks

Yonatan Bokovza <Yonatan@xpert.com> wrote:
> -----Original Message-----
> From: Pat Lashley [mailto:patl+freebsd@volant.org]
> Sent: Tuesday, September 16, 2003 11:18
> To: freebsd-questions@freebsd.org; maillist bsd
> Cc: freebsd-hackers@freebsd.org
> Subject: Re: My jail can not ssh..
>
>
> --On Tuesday, September 16, 2003 09:07:15 +0100 Matthew Seaman wrote:
>
> > On Tue, Sep 16, 2003 at 04:16:31AM +0800, maillist bsd wrote:
> >
> >> I am just testing jail on my FreeBSD4.8-stable box, I found I can not
> >> ssh to the jail environment, but I can telnet to jail environment, the
> >> sshd is running both inside and outside jail. What's the problem.
> >
> > I suspect that your problem is that the sshd(8) in your host and jail
> > environments are both binding to IN_ADDR_ANY. That means both daemons
> > are fighting over the loopback interface (at least).
>
> Another subtle thing that can cause problem is if the jailed SSH
> can't do DNS resolution. Telnet in and run your favorite DNS
> query app (host, dnsip, dig, nslookup, etc.). If it fails, check
> resolv.conf in the jail; and check the access controls on your
> name server

And yet another problem is that ssh needs /dev/[u]random.
Try mounting devfs in the jail's /dev and see if it works for you.
The error message is something along the line of "PRNG not initialized".
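
The three causes suggested in this thread (host sshd bound to the wildcard address, no DNS resolver inside the jail, no /dev/[u]random in the jail), checked statically from the host. This is an added example, not part of the original messages; the function name, its arguments and the finding labels are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): static checks, run on the HOST, for
# the three causes of a failing jailed sshd that the replies suggest.
# Hypothetical interface: jail_ssh_findings JAILROOT JAILIP HOST_SSHD_CONFIG
# Prints one finding per line; prints nothing when all three checks pass.
jail_ssh_findings() {
    root=$1
    ip=$2
    host_cfg=$3

    # 1. Host sshd on the wildcard address. An sshd_config without any
    #    ListenAddress line makes sshd listen on every local address,
    #    which includes the alias given to the jail.
    listen=$(awk 'tolower($1) == "listenaddress" { print $2 }' \
        "$host_cfg" 2>/dev/null) || :
    if [ -z "$listen" ]; then
        echo "host-sshd: no ListenAddress, binds every address including $ip"
    else
        for a in $listen; do
            case $a in
                0.0.0.0|0.0.0.0:*|::|"$ip"|"$ip":*)
                    echo "host-sshd: ListenAddress $a overlaps jail address $ip" ;;
            esac
        done
    fi

    # 2. sshd needs a random device inside the jail's own /dev.
    if [ ! -c "$root/dev/random" ] && [ ! -c "$root/dev/urandom" ]; then
        echo "jail-dev: no random or urandom character device under $root/dev"
    fi

    # 3. The jail needs its own resolv.conf with at least one nameserver.
    if ! grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' \
            "$root/etc/resolv.conf" 2>/dev/null; then
        echo "jail-dns: no nameserver entry in $root/etc/resolv.conf"
    fi
}

# Usage with the paths from the message above:
#   jail_ssh_findings /home/jail/192.168.1.1 192.168.1.1 /etc/ssh/sshd_config
```

A clean result only rules out these three causes; the sshd log inside the jail remains the place to look for the actual error.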