Two jail questions
Emmanuel Vadot
manu at bidouilliste.com
Thu Oct 19 18:59:14 UTC 2017
On Thu, 19 Oct 2017 13:13:09 -0500
Adam Vande More <amvandemore at gmail.com> wrote:
> On Thu, Oct 19, 2017 at 1:00 PM, Steve Kargl <
> sgk at troutmask.apl.washington.edu> wrote:
>
> >
> > > sshd in the jail needs to run on a different port if you're using the
> > same
> > > ip, otherwise if you use an independent networking stack you would
> > > configure as normal.
> >
> > So, then this comes down to
> >
> > ssh normal at a.b.c.d <-- host system's sshd listening on default
> > port
> > ssh -p 1111 guest at a.b.c.d <-- jailed sshd listening on port 1111
> >
>
> On a non-VNET/VIMAGE jail, this is the standard way. For a VNET/VIMAGE you
> could do a regular
>
> ssh guest at w.x.y.z
>
> since the jail would have it's own real ip. That is assuming you added the
> guest user to the jail and all the networking/routing is good.
>
> --
> Adam
Even with non-VNET/VIMAGE a jail can have it's own IP and you can ssh
directly into it.
For a standard /etc/jail.conf configuration I think you need to add
the IP to the host as an alias, for iocage it does that for you.
--
Emmanuel Vadot <manu at bidouilliste.com> <manu at freebsd.org>
More information about the freebsd-questions
mailing list