Closed port 22 in the jail redirects to the outer system

Bertram Scharpf lists at
Wed Dec 7 20:51:56 UTC 2016

On Tuesday, 06. Dec 2016, 22:05:09 -0800, Robroy Gregg wrote:
> Bertram Scharpf wrote:
> > How can I make a port 22 request fail if an SSH server is running on the 
> > outer machine but not inside the jail?
> If I've understood your situation correctly, the idea here's to configure 
> the host FreeBSD system's ssh daemon to associate itself only with the 
> host system's IP address.
> By default, the ssh daemon associates itself with all IP addresses your 
> computer's configured to use (host + jails), which leads to the 
> fall-through effect you're experiencing when your jail's ssh daemon isn't 
> running.

That's exactly what I meant. I don't know why, but I always
thought a jail should grab all requests on its IP and then
look up a server process.

> On the host system, edit /etc/ssh/sshd_config, and add a line like this, 
> assuming your host system's IP is
> ListenAddress

I should have found this myself. Sorry for the noise.

Thank you!


Bertram Scharpf
Stuttgart, Deutschland/Germany
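
The fall-through discussed in this thread can be checked from the host's configuration file. The following is an added example, not part of the original message: it reports which jail IPs the host's sshd would answer on. The function names and the addresses (documentation range 192.0.2.0/24) are assumptions made for illustration.

```python
import ipaddress

def listen_addresses(config_text):
    """Return the addresses named on ListenAddress lines, port stripped."""
    addrs = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()   # ignore comments
        if len(fields) < 2 or fields[0].lower() != "listenaddress":
            continue
        value = fields[1]
        if value.startswith("["):                # [addr]:port
            value = value[1:value.index("]")]
        elif value.count(":") == 1:              # addr:port
            value = value.rsplit(":", 1)[0]
        addrs.append(value)
    return addrs

def _same(addr, jail):
    try:
        return ipaddress.ip_address(addr) == jail
    except ValueError:                           # hostname: not resolved here
        return False

def exposed_jail_ips(config_text, jail_ips):
    """Jail IPs on which the host's sshd would accept connections."""
    addrs = listen_addresses(config_text)
    exposed = []
    for ip in jail_ips:
        jail = ipaddress.ip_address(ip)
        wildcard = "0.0.0.0" if jail.version == 4 else "::"
        # No ListenAddress at all means sshd binds every local address.
        if not addrs or wildcard in addrs or any(_same(a, jail) for a in addrs):
            exposed.append(ip)
    return exposed

# Constructed sample data (documentation address range, not from the thread).
JAIL_IPS = ["192.0.2.11"]
DEFAULT_CONFIG = "Port 22\n#ListenAddress 0.0.0.0\n#ListenAddress ::\n"
FIXED_CONFIG = "Port 22\nListenAddress 192.0.2.10\n"

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, "-> host sshd answers on jail IPs:", exposed_jail_ips(cfg, JAIL_IPS))
```

The same function accepts the output of `sshd -T`, which prints the effective configuration with lowercase keywords.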
