numerous questions: ssh and jails, installation with YASR support, migration, and development

Littlefield, Tyler tyler at
Mon Apr 14 16:43:10 UTC 2014

Thanks all for the info, I really appreciate it.

On 4/14/2014 3:38 AM, CyberLeo Kitsana wrote:
> On 04/13/2014 06:59 PM, Littlefield, Tyler wrote:
>> Hello all:
>> I had a few questions. I'm sorry for the long email, but I wanted to
>> lump them all together so I wasn't sending 90 emails.
>> 1) I have a bunch of different jails configured on my BSD system. Right
>> now I have PF doing RDR from port 30000+ to the port on the internal
>> jail IP. Obviously having 90 different ssh ports is a bit messy; is
>> there a way around this? Can I somehow set up SSH on the host to let me
>> log into the jail provided a username and password?
> Not that I've found yet. It might be a good idea to reconsider why you
> need all 90+ jails to be directly accessible via SSH in the first place.
> If you're on the same LAN as the host, you might be able to give each
> jail its own IP address, and just use those. Other options are the use
> of a VPN to grant you an IP in the jails' private subnet, or to use a
> locked down jail as a jump box into that subnet.

I'll explain a bit of what I'm doing. I have a few services I'm offering 
that I'm actually developing, so I manage the code through Git. I use 
SCP a lot to edit files in production when I -really- need to, but I 
wanted a quicker way to jump to dev2 jail and git pull, then reboot the 
service. It's a lot easier if I can have direct access and just ssh to 
do that work rather than su, switch to the jail, then su to the name.

> A lot of the more specialized jails I run don't even have sshd running;
> I just use jexec to hop into them whenever necessary.
> <snip>
>> 3) I'm starting to migrate my Linode services over to BSD. Is there a
>> way using DNS to migrate web first, then mail? I don't want to shut
>> everything off until I can move web over, make sure it works then move
>> mail. Is there a failsafe solution in case my postfix is broken for the
>> mail to fallback to the Linux server? How have people done this in the
>> past?
> Read up on the DNS MX RRtype for details on how to direct mail for a
> domain to dedicated machines.
>> 4) I would really like to start contributing code and patches to
>> FreeBSD. As of right now, I don't have a BSD system at home that I can
>> reinstall and upgrade without having to worry about breaking things. Is
>> there perhaps a way to do an installation over SSH or something so that
>> I can install FreeBSD in a vm? What do people use for development
>> systems? I thought about buying a cheap $10 server from Arpnetworks, but
>> money is a bit tight at the moment for me.
> Virtual machines work great for development, as long as you're not
> developing hardware drivers.
> Whatever you choose, just keep in mind that, when hacking the operating
> system itself, at some point you will probably break things to an extent
> that will require console access, if not a live CD, to correct. Using a
> machine for which you have naught but SSH access is risky.

I've never had this issue. As it is though, I can't access the console 
until I get some sort of speech set up, so I'm happy working through SSH.

Take care,
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.

More information about the freebsd-questions mailing list
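
The jump-box suggestion in the quoted reply, worked as an added example that is not part of the original thread: a shell function that turns a list of jail names and private addresses into ssh_config stanzas routed through one jump host with ProxyJump (OpenSSH 7.3 or later), so a single exposed SSH port replaces the per-jail PF redirects. The alias jailjump, the host name jump.example.org, the jail names and the addresses are constructed placeholders, and the input is assumed to have the shape printed by `jls name ip4.addr`.

```shell
#!/bin/sh
# Added example: emit ~/.ssh/config stanzas that reach each jail's private
# address through one jump host instead of one PF rdr port per jail.

JUMP_ALIAS="jailjump"          # hypothetical alias for the locked-down jump jail
JUMP_HOST="jump.example.org"   # placeholder public name of the jump jail
JUMP_PORT="22"                 # the only SSH port exposed to the outside

# Constructed sample input: "name address" pairs, one per line.
# The last two lines are deliberately malformed.
SAMPLE_JAILS='dev1 10.0.0.11
dev2 10.0.0.12
bad;name 10.0.0.13
mail 10.0.0.999x'

jails_to_ssh_config() {
    # stdin: one "name address" pair per line; stdout: ssh_config text.
    printf 'Host %s\n    HostName %s\n    Port %s\n\n' \
        "$JUMP_ALIAS" "$JUMP_HOST" "$JUMP_PORT"
    while read -r name addr rest; do
        # Accept only plain jail names and addresses made of digits and dots,
        # so odd input cannot smuggle extra directives into the config.
        case "$name" in ''|*[!A-Za-z0-9_.-]*) continue ;; esac
        case "$addr" in ''|*[!0-9.]*) continue ;; esac
        # The jump host opens the TCP connection, so the private address
        # only has to be reachable from there, not from the client.
        printf 'Host %s\n    HostName %s\n    ProxyJump %s\n\n' \
            "$name" "$addr" "$JUMP_ALIAS"
    done
}

printf '%s\n' "$SAMPLE_JAILS" | jails_to_ssh_config
```

With the generated stanzas in ~/.ssh/config, `ssh dev2` lands in the dev2 jail in one step while only the jump jail's sshd is reachable from outside.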