Closed port 22 in the jail redirects to the outer system

Robroy Gregg robroy at
Wed Dec 7 06:11:51 UTC 2016

Good day Bertram,

Bertram Scharpf wrote:

> How can I make a port 22 request fail if an SSH server is running on the 
> outer machine but not inside the jail?

If I've understood your situation correctly, the idea here's to configure 
the host FreeBSD system's ssh daemon to associate itself only with the 
host system's IP address.

By default, the ssh daemon associates itself with all IP addresses your 
computer's configured to use (host + jails), which leads to the 
fall-through effect you're experiencing when your jail's ssh daemon isn't 

On the host system, edit /etc/ssh/sshd_config, and add a line like this, 
assuming your host system's IP is


Once the host system's ssh daemon has been re-started, it'll associate 
itself only with, instead of its default (, which will 
match everything--including the IPs used by jails).

Happiness to you Bertram,

More information about the freebsd-questions mailing list