Closed port 22 in the jail redirects to the outer system

Robroy Gregg robroy at robroygregg.com
Wed Dec 7 06:11:51 UTC 2016


Good day Bertram,

Bertram Scharpf wrote:

> How can I make a port 22 request fail if an SSH server is running on the 
> outer machine but not inside the jail?

If I've understood your situation correctly, the idea here's to configure 
the host FreeBSD system's ssh daemon to associate itself only with the 
host system's IP address.

By default, the ssh daemon associates itself with all IP addresses your 
computer's configured to use (host + jails), which leads to the 
fall-through effect you're experiencing when your jail's ssh daemon isn't 
running.

On the host system, edit /etc/ssh/sshd_config, and add a line like this, 
assuming your host system's IP is 10.0.0.1.

ListenAddress 10.0.0.1

Once the host system's ssh daemon has been re-started, it'll associate 
itself only with 10.0.0.1, instead of its default (0.0.0.0, which will 
match everything--including the IPs used by jails).

Happiness to you Bertram,
Robroy
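
The check implied by the reply above, as an added example that is not part of the original message: a POSIX shell function that reads an sshd_config and reports whether sshd would bind to every address (and so answer on jail IPs) or only to specific ones. The function name `sshd_listen_scope` is hypothetical, the sample input is constructed, and `Include` files are not followed.

```shell
#!/bin/sh
# Added example. Reads sshd_config text on stdin and prints:
#   "wildcard"            - sshd listens on all local addresses (jail IPs too)
#   "specific <addrs...>" - sshd listens only on the listed addresses
# Assumption: Include directives are not followed; only this file is examined.
sshd_listen_scope() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")              # accept the "Keyword=value" form
            if (tolower($1) != "listenaddress" || NF < 2) next
            addr = $2
            if (addr ~ /^\[/) {                    # [address]:port
                sub(/^\[/, "", addr)
                sub(/\].*$/, "", addr)
            } else if (gsub(/:/, ":", addr) == 1) { # host:port or IPv4:port
                sub(/:.*$/, "", addr)
            }                                      # otherwise a bare address
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            list = list (list == "" ? "" : " ") addr
        }
        END {
            # With no ListenAddress line at all, sshd uses its default
            # and listens on every local address.
            if (list == "" || wild) print "wildcard"
            else print "specific " list
        }
    '
}

# Constructed sample: a host config without ListenAddress, then one with the
# line from the reply above (10.0.0.1 is the reply's example host IP).
printf 'Port 22\n' | sshd_listen_scope
printf 'Port 22\nListenAddress 10.0.0.1\n' | sshd_listen_scope
```

On the host, run `sshd_listen_scope < /etc/ssh/sshd_config`; after restarting sshd, `sockstat -4 -l -p 22` shows the sockets actually bound.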

