Closed port 22 in the jail redirects to the outer system
Bertram Scharpf
lists at bertram-scharpf.de
Wed Dec 7 20:51:56 UTC 2016
On Tuesday, 06. Dec 2016, 22:05:09 -0800, Robroy Gregg wrote:
> Bertram Scharpf wrote:
>
> > How can I make a port 22 request fail if an SSH server is running on the
> > outer machine but not inside the jail?
>
> If I've understood your situation correctly, the idea here's to configure
> the host FreeBSD system's ssh daemon to associate itself only with the
> host system's IP address.
>
> By default, the ssh daemon associates itself with all IP addresses your
> computer's configured to use (host + jails), which leads to the
> fall-through effect you're experiencing when your jail's ssh daemon isn't
> running.

That's exactly what I meant. I don't know why, but I always
thought a jail should grab all requests on its IP and then
look up a server process.

> On the host system, edit /etc/ssh/sshd_config, and add a line like this,
> assuming your host system's IP is 10.0.0.1.
>
> ListenAddress 10.0.0.1

I should have found this myself. Sorry for the noise.

Thank you!

Bertram

--
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
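
Added example, not part of the original thread: a small audit for the fall-through described above, checking whether the host's sshd_config pins ListenAddress to a specific address and whether `sockstat -l` still shows a listener bound to all addresses. The function names `listen_mode` and `wildcard_listeners` are hypothetical, the sample config and sockstat lines are constructed, and 10.0.0.1 is the host address assumed in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# listen_mode: reads an sshd_config on stdin. Prints "explicit" when every
# ListenAddress names a specific address, "wildcard" when none is set
# (sshd then binds all addresses, jail IPs included) or one is 0.0.0.0 / ::.
listen_mode() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out defaults
        tolower($1) == "listenaddress" {         # keywords are case-insensitive
            seen = 1; addr = $2
            sub(/^\[/, "", addr); sub(/\](:[0-9]+)?$/, "", addr)  # [v6]:port
            if (addr ~ /^(0\.0\.0\.0(:[0-9]+)?|::)$/) wild = 1
        }
        END { print ((seen && !wild) ? "explicit" : "wildcard") }
    '
}

# wildcard_listeners PORT: reads `sockstat -l` output on stdin and prints
# each TCP listener whose local address is *:PORT.
wildcard_listeners() {
    awk -v port="$1" '$5 ~ /^tcp/ && $6 == ("*:" port) { print $2, $5, $6 }'
}

# Constructed samples: host before and after the change from the thread.
CONF_BEFORE='#ListenAddress 0.0.0.0
#ListenAddress ::'
CONF_AFTER='ListenAddress 10.0.0.1'
SOCKSTAT_BEFORE='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sshd 714 3 tcp6 *:22 *:*
root sshd 714 4 tcp4 *:22 *:*
root sendmail 650 3 tcp4 127.0.0.1:25 *:*'
SOCKSTAT_AFTER='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sshd 901 3 tcp4 10.0.0.1:22 *:*'

# On a real host: listen_mode < /etc/ssh/sshd_config
#                 sockstat -l | wildcard_listeners 22
printf '%s\n' "$CONF_BEFORE" | listen_mode
printf '%s\n' "$CONF_AFTER" | listen_mode
printf '%s\n' "$SOCKSTAT_BEFORE" | wildcard_listeners 22
printf '%s\n' "$SOCKSTAT_AFTER" | wildcard_listeners 22
```

Any line printed by `wildcard_listeners` is a host daemon that will also answer on a jail's address when nothing inside the jail is listening on that port.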
More information about the freebsd-questions mailing list