numerous questions: ssh and jails, installation with YASR support, migration, and development

CyberLeo Kitsana cyberleo at
Tue Apr 15 00:12:04 UTC 2014

On 04/14/2014 11:44 AM, Littlefield, Tyler wrote:
> Hello:
> Thanks all for the info, I really appreciate it.
> On 4/14/2014 3:38 AM, CyberLeo Kitsana wrote:
>> On 04/13/2014 06:59 PM, Littlefield, Tyler wrote:
>>> Hello all:
>>> I had a few questions. I'm sorry for the long email, but I wanted to
>>> lump them all together so I wasn't sending 90 emails.
>>> 1) I have a bunch of different jails configured on my BSD system. right
>>> now I have PF doing RDR from port 30000+ to the port on the internal
>>> jail IP. Obviously having 90 different ssh ports is a bit messy, is
>>> there a way around this? Can I somehow set up SSH on the host to let me
>>> log into the jail provided a username and password?
>> Not that I've found yet. It might be a good idea to reconsider why you
>> need all 90+ jails to be directly accessible via SSH in the first place.
>> If you're on the same LAN as the host, you might be able to give each
>> jail its own IP address, and just use those. Other options are the use
>> of a VPN to grant you an IP in the jails' private subnet, or to use a
>> locked down jail as a jump box into that subnet.
> I'll explain a bit of what I'm doing. I have a few services I'm offering
> that I'm actually developing, so I manage the code through Git. I use
> SCP a lot to edit files in production when I -really- need to, but I
> wanted a quicker way to jump to dev2 jail and git pull, then reboot the
> service. It's a lot easier if I can have direct access and just ssh to
> do that work rather than su, switch to the jail, then su to the name.

This is possible using a jumpbox and exploiting the ProxyCommand SSH

Here's an example of my .ssh/config:


Host den
  User cyberleo

Host hidden
  User cyberleo
  ForwardAgent yes
  Compression yes
  ProxyCommand ssh den nc %h %p 2>&-


From my command line, invoking 'ssh hidden' works just as if I was on
the same subnet, as it tunnels the TCP connection through the jumpbox's
SSH connection. Works with anything that uses SSH, too, like sftp, scp,
and git.

Fuzzy love,
Technical Administrator
CyberLeo.Net Webhosting
<CyberLeo at CyberLeo.Net>

Furry Peace! -
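
The jumpbox setup from the message above, extended to many jails with one wildcard stanza. This is an added example, not part of the original message. The "den" alias is the jumpbox from the message and is assumed to be defined as shown there; the *.jail aliases and 10.0.0.x addresses are constructed placeholders.

```sshconfig
# Added example: per-jail aliases that all tunnel through the jumpbox "den".
# Jail names and addresses below are constructed placeholders.

# One short stanza per jail maps an alias to its private address,
# as resolved from the jumpbox's side of the connection.
Host dev1.jail
  HostName 10.0.0.11

Host dev2.jail
  HostName 10.0.0.12

# Shared settings for every jail alias. ssh_config uses the first value
# it finds for each option, so this wildcard stanza comes last.
Host *.jail
  User cyberleo
  # ssh -W connects stdin/stdout to %h:%p from the jumpbox, so nc does
  # not have to be installed there (OpenSSH 5.4 and later).
  ProxyCommand ssh -W %h:%p den
  # On OpenSSH 7.3 and later the ProxyCommand line can be replaced with:
  # ProxyJump den
  # The hop itself does not need agent forwarding: the client
  # authenticates to the jail end-to-end through the tunnel. With
  # forwarding on, root in the jail can use your agent while you are
  # connected, so enable it only for jails that must use your keys
  # (for example, git pull over SSH).
  ForwardAgent no
```

With this in place, 'ssh dev2.jail' reaches the jail without a per-jail RDR port on the host; only the jumpbox's SSH port has to be exposed.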
