how to configure host login account to use jail?

Fbsd8 fbsd8 at
Sun Dec 23 23:37:00 UTC 2012

Fbsd8 wrote:
> Matthew Seaman wrote:
>> On 23/12/2012 13:11, Fbsd8 wrote:
>>> Ok but as my question asks, how do you configure things
>>> to get that to work? I am after the details.
>> You need to run an instance of sshd in each jail.  Because sshd defaults
>> to binding to INADDR_ANY, you need to modify the sshd configuration in
>> the host system, so it binds to a specific address, otherwise it will
>> likely block out the jailed sshd's:
>> ListenAddress
>> ListenAddress 2001:DB8::1
>> ListenAddress
>> ListenAddress ::1
>> sshd in the jails doesn't need any similar configuration change.
>> You don't need user accounts in your host system for the jail users --
>> each jail can have it's own passwd file etc.  However, it can be useful
>> to make sure that UID numbers for regular users in host and jails don't
>> overlap.
>>     Cheers,
>>     Matthew
> What does the remote ssh login command look like?
> ssh on the host does not use the standard port 22.
> It uses 2299 instead. this stopped all the ssh break-in attempts.

Have things working all except ssh login to jail from an FBSD box on the 
lan using native ssh command syntax. This is what I have

Have single jail for testing assigned ip address of and it 
has jail option for auto alias create/remove. From the host I logged 
into the jail and did these commands

This turns on ssh in jail
echo "sshd_enable="YES"" >> /etc/rc.conf

Turn off dns check for fast jail start
echo "UseDNS no" >> /etc/ssh/sshd_config

Did adduser to create user account in jail to ssh into.
Stop and restart jail for changes to take effect

ssh on host has been changed to use port 9922.
This stopped all the ssh break-in attempts from the public internet.

 From putty on xp box on lan can ssh to 9922 and login to any 
user account on host. Using 22 login to user account on jail 
just fine.

 From another lan box running FBSD can ssh into host user accounts using 
this command ssh host-user-account-name at just fine

But I can not figure out syntax for native ssh command to login to jail.

This is where in need some help in coding the correct -options and what 
values to use where. I read the man pages on ssh but its clear as mud to 

More information about the freebsd-questions mailing list