numerous questions: ssh and jails, installation with YASR support, migration, and development

CyberLeo Kitsana cyberleo at cyberleo.net
Tue Apr 15 00:12:04 UTC 2014


On 04/14/2014 11:44 AM, Littlefield, Tyler wrote:
> Hello:
> Thanks all for the info, I really appreciate it.
> 
> On 4/14/2014 3:38 AM, CyberLeo Kitsana wrote:
>> On 04/13/2014 06:59 PM, Littlefield, Tyler wrote:
>>> Hello all:
>>> I had a few questions. I'm sorry for the long email, but I wanted to
>>> lump them all together so I wasn't sending 90 emails.
>>>
>>> 1) I have a bunch of different jails configured on my BSD system. Right
>>> now I have PF doing RDR from port 30000+ to the port on the internal
>>> jail IP. Obviously having 90 different ssh ports is a bit messy, is
>>> there a way around this? Can I somehow set up SSH on the host to let me
>>> log into the jail provided a username and password?
>> Not that I've found yet. It might be a good idea to reconsider why you
>> need all 90+ jails to be directly accessible via SSH in the first place.
>> If you're on the same LAN as the host, you might be able to give each
>> jail its own IP address, and just use those. Other options are the use
>> of a VPN to grant you an IP in the jails' private subnet, or to use a
>> locked down jail as a jump box into that subnet.
> 
> I'll explain a bit of what I'm doing. I have a few services I'm offering
> that I'm actually developing, so I manage the code through Git. I use
> SCP a lot to edit files in production when I -really- need to, but I
> wanted a quicker way to jump to dev2 jail and git pull, then reboot the
> service. It's a lot easier if I can have direct access and just ssh to
> do that work rather than su, switch to the jail, then su to the name.

This is possible using a jumpbox and exploiting the ProxyCommand SSH
directive.

Here's an example of my .ssh/config:

----8<----

Host den
  HostName den.cyberleo.net
  User cyberleo

Host hidden
  HostName hidden.den.cyberleo.net
  User cyberleo
  ForwardAgent yes
  Compression yes
  ProxyCommand ssh den nc %h %p 2>&-

----8<----

From my command line, invoking 'ssh hidden' works just as if I was on
the same subnet, as it tunnels the TCP connection through the jumpbox's
SSH connection. Works with anything that uses SSH, too, like sftp, scp,
and git.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo at CyberLeo.Net>

Furry Peace! - http://www.fur.com/peace/
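
The jump-box setup from the message above, generalised to many jails with one wildcard pattern. This is an added example, not part of the original message; the `*.jail.example` naming scheme is an assumption, while `den` and the user name are taken from the config quoted above.

```sshconfig
# Added example. "*.jail.example" is a hypothetical naming scheme for
# the jails; substitute whatever names resolve on the jump box.

# The jump box: the only host that has to be reachable from outside,
# so the per-jail port redirects on the firewall can be dropped.
Host den
  HostName den.cyberleo.net
  User cyberleo

# Every jail on the private subnet, matched by one pattern instead of
# one stanza (or one redirected port) per jail.
Host *.jail.example
  User cyberleo

  # Tunnel through den. sshd on den opens the TCP connection itself,
  # so nc does not have to be installed there, and the jail name only
  # has to resolve on den. Requires OpenSSH 7.3 or later on the client.
  ProxyJump den

  # Equivalent for older clients (OpenSSH 5.4 or later):
  # ProxyCommand ssh -W %h:%p den

  # The client authenticates to the jail end to end through the tunnel,
  # and still verifies the jail's own host key, so the agent is not
  # needed for the hop through den. A forwarded agent can be used by
  # anyone with root on the remote host, so leave it off here and
  # enable it per host only where an onward SSH connection (for
  # example git over ssh) is needed.
  ForwardAgent no
```

With this in place, `ssh dev2.jail.example`, and likewise scp, sftp and git over ssh, reach the jail through `den` without any per-jail port.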

