SSH from host to jail

Pat Lashley patl at
Mon Jul 28 12:59:51 PDT 2003

--On Sunday, July 27, 2003 16:28:44 -0500 Jon Disnard 
<diz at> wrote:

> Pat Lashley wrote:
>> I'm trying to set up some jails in a 5.1R system.  I've pretty much
>> copied a setup that was working fine in 4.8; but on 5.1 I can't seem
>> to SSH from the host system into one of its jails.  It acts like the
>> packets just aren't getting through.
>> I would really appreciate it if somebody would send me rc.conf fragments
>> that are known to work for setting up a jail's IP alias and routing on
>> 5.1.
> sure, but this isn't going to fix your problem:
> ifconfig_wi0="inet netmask"
> ifconfig_wi0_alias0="inet netmask"
> jail_enable="YES"
> jail_list="shiba"
> jail_shiba_hostname="shiba"
> jail_shiba_ip=""
> jail_shiba_rootdir="/usr/prison/192_168_0_130/"
> jail_shiba_exec="/bin/sh /etc/rc"

Thanks, but this isn't the part I'm interested in.  It looks like
what I need is the stuff that sets up the IP alias, routing, etc.
for the jail.  The ifconfig_*_alias* and any route_* or related
rc.conf entries.

> To fix your problem you should try to mount a devfs for the jail so the
> tty device is available for sshd to open when you login. I simply added
> one line to my /etc/rc.d/jail script to test for the "dev" mount-point in
> jail. Like so:

Nope, I had a devfs set up.

Note that I'm still getting them set up; so I'm starting them by hand
instead of using the rc script.  (Well, actually, I'll use an updated
version of the script I was using on 4.8 because I have some additional
work I want done there and I don't want to start the jails until after
the stuff in /usr/local/etc/rc.d has been run.)

> It could be easy to have it simply exist, or be non-null, to imply a
> desire for devfs, and further checked for the existence of the
> mount-point as I wrote above.
> I could have a pr+patch made in 5 minutes if anybody thinks this is not a
> bad idea?

Sounds good to me.  And a similar patch for procfs.

Or perhaps some more generic solution that would allow for open-ended
additional mounts?


Then in the loop in /etc/rc.d/jail:

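	# \$ defers expansion of jail_<name>_mounts until eval runs
	eval jail_fstab=\"\$jail_${_jail}_mounts\"
	# quoted so an unset variable does not make the test succeed
	[ -n "$jail_fstab" ] && mount -a -F "$jail_fstab"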

Note that fstab.mumble is outside the jail; and should only contain
entries for devfs, procfs, and other mounts to be done on top of the
jail before starting it.
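
The per-jail fstab idea above, sketched as an added example that is not part of the original message or of FreeBSD's /etc/rc.d/jail: it resolves `jail_<name>_mounts` and refuses any fstab whose mount points fall outside the jail root, without mounting anything. The function names `jail_fstab_for` and `check_jail_fstab`, the sample fstab contents and the `jail_shiba_mounts` value are assumptions made for illustration.

```sh
#!/bin/sh
# Dry-run check for a per-jail fstab: resolve jail_<name>_mounts, then confirm
# every mount point sits under the jail root. Nothing is mounted.

# Print the fstab path configured for jail $1 (non-zero if unset or bad name).
jail_fstab_for() {
	_jail=$1
	# The name is spliced into an eval: accept identifier characters only.
	case $_jail in
	''|*[!A-Za-z0-9_]*) return 2 ;;
	esac
	eval "_fstab=\"\${jail_${_jail}_mounts:-}\""
	[ -n "$_fstab" ] && printf '%s\n' "$_fstab"
}

# Succeed only if every entry in fstab $2 mounts below root directory $1.
# String comparison only: symlinks inside the jail are not resolved.
check_jail_fstab() {
	_root=${1%/}
	[ -n "$_root" ] && [ -r "$2" ] || return 2
	_bad=0
	while read -r _dev _mnt _rest || [ -n "$_dev" ]; do
		case $_dev in ''|'#'*) continue ;; esac
		case $_mnt in
		*/../*|*/..) _bad=1 ;;   # path climbs back out of the jail
		"$_root"/*) ;;           # on top of the jail
		*) _bad=1 ;;             # host path: refuse
		esac
	done < "$2"
	return "$_bad"
}

# Constructed sample data; jail name and rootdir follow the quoted rc.conf.
demo_dir=$(mktemp -d)
printf '%s\n' '# mounts done on top of the jail before it starts' \
	'devfs /usr/prison/192_168_0_130/dev devfs rw 0 0' \
	'proc  /usr/prison/192_168_0_130/proc procfs rw 0 0' > "$demo_dir/fstab.good"
printf '%s\n' 'devfs /usr/prison/192_168_0_130/dev devfs rw 0 0' \
	'/dev/ad0s1e /usr/local ufs rw 0 0' > "$demo_dir/fstab.bad"
jail_shiba_rootdir="/usr/prison/192_168_0_130/"
jail_shiba_mounts="$demo_dir/fstab.good"

if fstab=$(jail_fstab_for shiba) && check_jail_fstab "$jail_shiba_rootdir" "$fstab"
then
	echo "ok, would run: mount -a -F $fstab"
else
	echo "refusing to mount for jail shiba" >&2
fi
```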

