Hi all,
What will be the possible problem..
As i make the jail environment with jail script.
jail.sh file
cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D -DNO_MAKEDEV_RUN
cd $D/dev
sh MAKEDEV jail
cd $D
ln -sf dev/null kernel
#mkdir -p /home/
#cp /stand/sysinstall /home/
# jail /home/jail/ web /bin/sh
#touch /etc/fstab
#vi rc.conf
inetd_flags="-wW -a"
#vi /etc/resolv.conf
#passwd root
#pw useradd kinux -g wheel -d /home/kinux -s /bin/csh -m
#/stand/sysinstall -->config -->timezone and configure it is HKT.
# jail /home/jail/ web /bin/sh /etc/rc
Skipping disk checks ...
adjkerntz[38464]: sysctl(put_wallclock): Operation not permitted
Doing initial network setup:.
ifconfig: ioctl (SIOCDIFADDR): permission denied
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
Additional routing options: TCP keepalive=YESsysctl: net.inet.tcp.always_keepalive: 
Operation not
Routing daemons:.
Additional daemons: syslogd.
Doing additional network setup:.
Starting final network daemons: creating ssh1 RSA host key
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
a4:91:9a:b7:92:fe:8b:34:fa:6d:d7:42:a6:d5:77:57 [EMAIL PROTECTED]
 creating ssh2 RSA host key
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
e2:26:5b:c8:f8:ee:c0:06:12:30:5e:fb:d0:f6:c2:05 [EMAIL PROTECTED]
 creating ssh2 DSA host key
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
ee:b8:65:eb:e0:6f:0f:6d:dd:e9:3c:52:e0:d4:5d:d6 [EMAIL PROTECTED]
ELF ldconfig path: /usr/lib /usr/lib/compat
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Starting standard daemons: inetd cron sshd.
Initial rc.i386 initialization:.
Additional ABI support:.
Local package initialization:.
Additional TCP options:.
Sun Sep 28 21:00:24 HKT 2003
# ssh -l kinux
The authenticity of host ' (' can't be established.
DSA key fingerprint is ee:b8:65:eb:e0:6f:0f:6d:dd:e9:3c:52:e0:d4:5d:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (DSA) to the list of known hosts.
Connection closed by

%ps -aux | grep J
kinux  38557  0.0  0.4  1064  540  p1  S+    9:14PM   0:00.00 grep J
root    38498  0.0  0.5   948  632  ??  IsJ   9:00PM   0:00.01 /usr/sbin/syslog
root    38508  0.0  0.5  1044  672  ??  IsJ   9:00PM   0:00.00 /usr/sbin/inetd
root    38510  0.0  0.6  1024  776  ??  IsJ   9:00PM   0:00.01 /usr/sbin/cron
root    38512  0.0  1.6  2592 2016  ??  IsJ   9:00PM   0:00.37 /usr/sbin/sshd


Yonatan Bokovza <[EMAIL PROTECTED]> wrote:
> -----Original Message-----
> From: Pat Lashley [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 16, 2003 11:18
> To: [EMAIL PROTECTED]; maillist bsd
> Subject: Re: My jail can not ssh..
> --On Tuesday, September 16, 2003 09:07:15 +0100 Matthew Seaman 
> wrote:
> > On Tue, Sep 16, 2003 at 04:16:31AM +0800, maillist bsd wrote:
> >
> >> I am just testing jail on my FreeBSD4.8-stable box, i 
> found i can not
> >> ssh to the jail environment, but i can telnet to jail 
> environment, the
> >> sshd is running both inside and outside jail. What's the problem.
> >
> > I suspect that your problem is that the sshd(8) in your 
> host and jail
> > environments are both binding to IN_ADDR_ANY. That means 
> both daemons
> > are fighting over the loopback interface (at least).
> Another subtle thing that can cause problem is if the jailed SSH
> can't do DNS resolution. Telnet in and run your favorite DNS
> query app (host, dnsip, dig, nslookup, etc.). If it fails, check
> resolv.conf in the jail; and check the access controls on your
> name server

And yet another problem is that ssh needs /dev/[u]random.
Try mounting devfs in the jail's /dev and see if it works for you.
The error message is something along the line of "PRNG not
「向左走 向右走」趣怪 VoiceMail 歡迎詞....
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to