Date: Mon, 14 Apr 2014 19:11:34 -0500
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
To: tyler@tysdomain.com
Cc: freebsd-questions@freebsd.org
Subject: Re: numerous questions: ssh and jails, installation with YASR support, migration, and development
Message-ID: <534C7936.2010504@cyberleo.net>
In-Reply-To: <534C1050.2060705@tysdomain.com>
References: <534B24D0.8050903@tysdomain.com> <534B9085.4010300@cyberleo.net> <534C1050.2060705@tysdomain.com>

On 04/14/2014 11:44 AM, Littlefield, Tyler wrote:
> Hello:
> Thanks all for the info, I really appreciate it.
>
> On 4/14/2014 3:38 AM, CyberLeo Kitsana wrote:
>> On 04/13/2014 06:59 PM, Littlefield, Tyler wrote:
>>> Hello all:
>>> I had a few questions. I'm sorry for the long email, but I wanted to
>>> lump them all together so I wasn't sending 90 emails.
>>>
>>> 1) I have a bunch of different jails configured on my BSD system. Right
>>> now I have PF doing RDR from port 30000+ to the port on the internal
>>> jail IP. Obviously having 90 different ssh ports is a bit messy, is
>>> there a way around this? Can I somehow set up SSH on the host to let me
>>> log into the jail provided a username and password?
>> Not that I've found yet. It might be a good idea to reconsider why you
>> need all 90+ jails to be directly accessible via SSH in the first place.
>> If you're on the same LAN as the host, you might be able to give each
>> jail its own IP address, and just use those. Other options are the use
>> of a VPN to grant you an IP in the jails' private subnet, or to use a
>> locked down jail as a jump box into that subnet.
>
> I'll explain a bit of what I'm doing. I have a few services I'm offering
> that I'm actually developing, so I manage the code through Git. I use
> SCP a lot to edit files in production when I -really- need to, but I
> wanted a quicker way to jump to dev2 jail and git pull, then reboot the
> service. It's a lot easier if I can have direct access and just ssh to
> do that work rather than su, switch to the jail, then su to the name.

This is possible using a jumpbox and exploiting the ProxyCommand SSH
directive.
Here's an example of my .ssh/config:

----8<----
Host den
  HostName den.cyberleo.net
  User cyberleo

Host hidden
  HostName hidden.den.cyberleo.net
  User cyberleo
  ForwardAgent yes
  Compression yes
  ProxyCommand ssh den nc %h %p 2>&-
----8<----

From my command line, invoking 'ssh hidden' works just as if I was on
the same subnet, as it tunnels the TCP connection through the jumpbox's
SSH connection. Works with anything that uses SSH, too, like sftp, scp,
and git.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://www.fur.com/peace/
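
An added example, not part of the message above or of any FreeBSD/OpenSSH code: a small Python review of a client ssh_config that resolves the options for one host alias (first value obtained wins, Host patterns with * and ! handled) and reports agent forwarding and nc-based ProxyCommand hops. The function names and finding wording are assumptions, and SAMPLE is constructed from the config quoted in the message.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the two Host blocks from the message above.
SAMPLE = """\
Host den
  HostName den.cyberleo.net
  User cyberleo
Host hidden
  HostName hidden.den.cyberleo.net
  User cyberleo
  ForwardAgent yes
  Compression yes
  ProxyCommand ssh den nc %h %p 2>&-
"""

def effective(config_text, alias):
    """Options ssh would apply to `alias`: the first value seen for a keyword wins."""
    opts, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            pats = value.split()
            hit = any(fnmatchcase(alias, p) for p in pats if not p.startswith("!"))
            neg = any(fnmatchcase(alias, p[1:]) for p in pats if p.startswith("!"))
            active = hit and not neg
        elif key == "match":
            active = False  # Match blocks are not evaluated in this sketch
        elif active:
            opts.setdefault(key, value)
    return opts

def audit(config_text, alias):
    """Return review findings (hypothetical wording) for one host alias."""
    o, findings = effective(config_text, alias), []
    target = o.get("hostname", alias)
    if o.get("forwardagent", "no").lower() != "no":
        findings.append(f"{alias}: agent forwarded to {target}; anyone with root there can use it")
    proxy = o.get("proxycommand", "")
    if re.search(r"\b(nc|netcat)\b", proxy):
        findings.append(f"{alias}: ProxyCommand needs nc on the jump host; 'ssh -W %h:%p' does not")
    return findings

if __name__ == "__main__":
    for name in ("den", "hidden"):
        print(name, audit(SAMPLE, name) or "no findings")
```

On a machine with OpenSSH 6.8 or later, 'ssh -G hidden' prints the resolved options straight from ssh itself and is the authoritative check; the parser above is for reviewing config files offline.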
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?534C7936.2010504>