Re: SSH From within a Jail
Koen Martens [EMAIL PROTECTED] wrote: Koen Martens wrote: d c wrote: Greetings: I currently am running Freebsd 6.0 Release. I am experimenting with jails and have run into a problem. I need to ssh from within my jail to another server. Actually I need to use scp. WHen I try it I get the error: Host key verification failed. This could also be something related to permissions on the .ssh directory, but you cleared that out of the way if i understand the rest of this thread correctly. I remember having this problem once, but can't remember right now what i did to solve it.. I usually compile openssh from source anyway, so you might try that. If that works, it would probably be interesting to see what is the difference between your own hand-rolled openssh and the one that came with your world. Just remembered something else: do you jexec into the jail, or do you do a proper logon (eg. ssh into the jail). I think that if you jexec into the jail and then try to ssh, you might have a problem because you aren't really logged in to the jail and thus have no (psuedo) tty associated with your session.. Koen -- K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, hosting, embedded systems, unix, artificial intelligence. Public PGP key: http://www.metro.cx/pubkey-gmc.asc Wondering about the funny attachment your mail program can't read? Visit http://www.openpgp.org/ ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] Yes- Koen you hit the nail on the head. If I use jexec I cannot use ssh to connect to other servers. I also ran into problems with make in ports tree and using screen. However- If I ssh in I can perform all functions (ssh and make) as if it were it own system...aka- jail. The man page should reflect this. That is...all compiling and management of the jail should be done through ssh. Only use jexec for intial configuration and emergency related work. Thanks everyone for their response and ideas. - Yahoo! FareChase - Search multiple travel sites in one click. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
On Sun, Nov 13, 2005 at 09:26:05PM +0100, Koen Martens wrote: + Just remembered something else: do you jexec into the jail, or do + you do a proper logon (eg. ssh into the jail). I think that if you + jexec into the jail and then try to ssh, you might have a problem + because you aren't really logged in to the jail and thus have no + (psuedo) tty associated with your session.. I just saw this thread. Yes, you are right, I can confirm this. To be able to ssh to another server from within a jail, you need to log in to the jail properly (have access to your terminal), so jexec won't work here. Try to ssh into the jail and then ssh to another box. -- Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! pgpRTiVDkIhMn.pgp Description: PGP signature
Re: Re: SSH From within a Jail
From: Pawel Jakub Dawidek [EMAIL PROTECTED] On Sun, Nov 13, 2005 at 09:26:05PM +0100, Koen Martens wrote: + Just remembered something else: do you jexec into the jail, or do + you do a proper logon (eg. ssh into the jail). I think that if you + jexec into the jail and then try to ssh, you might have a problem + because you aren't really logged in to the jail and thus have no + (psuedo) tty associated with your session.. I just saw this thread. Yes, you are right, I can confirm this. To be able to ssh to another server from within a jail, you need to log in to the jail properly (have access to your terminal), so jexec won't work here. Try to ssh into the jail and then ssh to another box. ssh -n can work without a tty. Though I'm not sure what was the question, I did not watch this thread from the start. -SB ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
Koen Martens wrote: d c wrote: Greetings: I currently am running Freebsd 6.0 Release. I am experimenting with jails and have run into a problem. I need to ssh from within my jail to another server. Actually I need to use scp. WHen I try it I get the error: Host key verification failed. This could also be something related to permissions on the .ssh directory, but you cleared that out of the way if i understand the rest of this thread correctly. I remember having this problem once, but can't remember right now what i did to solve it.. I usually compile openssh from source anyway, so you might try that. If that works, it would probably be interesting to see what is the difference between your own hand-rolled openssh and the one that came with your world. Just remembered something else: do you jexec into the jail, or do you do a proper logon (eg. ssh into the jail). I think that if you jexec into the jail and then try to ssh, you might have a problem because you aren't really logged in to the jail and thus have no (psuedo) tty associated with your session.. Koen -- K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, hosting, embedded systems, unix, artificial intelligence. Public PGP key: http://www.metro.cx/pubkey-gmc.asc Wondering about the funny attachment your mail program can't read? Visit http://www.openpgp.org/ ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
On 11/12/05, d c [EMAIL PROTECTED] wrote: Greetings: I currently am running Freebsd 6.0 Release. I am experimenting with jails and have run into a problem. I need to ssh from within my jail to another server. Actually I need to use scp. WHen I try it I get the error: Host key verification failed. This looks like that the connection was rejected in its very early stage. Would you please use sockstat -4 within the jail (see jexec and jls manual) and see if sshd is actually up? -- Xin LI [EMAIL PROTECTED] http://www.delphij.net ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
On 11/12/05, d c [EMAIL PROTECTED] wrote: I am not running sshd in the jail. I am trying to attach to sshd on another server from inside the jail. Seems that I has misread. Would you please try telnet [target IP] 22 to see what happens? BTW. Please reply all when replying e-mail from the list, which ensures that the experience would be shared with others :-) Cheers, -- Xin LI [EMAIL PROTECTED] http://www.delphij.net ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
telnet 10.0.0.60 22 Connected to 10.0.0.60. Escape character is '^]'. SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 If I ssh into 10.0.0.60 from the host system that the jail is running on I connect right in w/o any problems. Just the jails on the host giving me probs. I also tried recreating the /etc/ssh/ssh_hostkey but that didn;t help --- Xin LI [EMAIL PROTECTED] wrote: On 11/12/05, d c [EMAIL PROTECTED] wrote: I am not running sshd in the jail. I am trying to attach to sshd on another server from inside the jail. Seems that I has misread. Would you please try telnet [target IP] 22 to see what happens? BTW. Please reply all when replying e-mail from the list, which ensures that the experience would be shared with others :-) Cheers, -- Xin LI [EMAIL PROTECTED] http://www.delphij.net ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] __ Start your day with Yahoo! - Make it your home page! http://www.yahoo.com/r/hs ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
On Sat, Nov 12, 2005 at 05:30:58AM -0800, d c wrote: Just the jails on the host giving me probs. I also tried recreating the /etc/ssh/ssh_hostkey but that didn;t help As a quick test, try moving aside (renaming) the .ssh directory in the home directory of the jail user you're trying this from. If it fixes your issue, then it's a simple matter of wrong host keys and/or client configuration. If not, you may be seeing corruption somewhere. Either way, you definitely want to use the -v option with ssh and look carefully for hints. Bye, Andrea -- Press every key to continue. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
--- Xin LI [EMAIL PROTECTED] wrote: On 11/12/05, d c [EMAIL PROTECTED] wrote: telnet 10.0.0.60 22 Connected to 10.0.0.60. Escape character is '^]'. SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 If I ssh into 10.0.0.60 from the host system that the jail is running on I connect right in w/o any problems. Just the jails on the host giving me probs. I also tried recreating the /etc/ssh/ssh_hostkey but that didn;t help Do you have /dev/*random available in the jail? Typically there should be /dev/random and a /dev/urandom which is a symbolic link to /dev/random. IIRC there is problem if you don't have these in the jail if you do some ssh related operations... Cheers, -- Xin LI [EMAIL PROTECTED] http://www.delphij.net Yes there is /dev/random and /dev/urandom Has anyone successfully used ssh (client) from within a jail to connect to other servers? I have recreate numerous jails but all suffer the same problem. regards __ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
here is the rsult from using -v. THis should help. ns1# ssh -v 10.0.0.60 OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 10.0.0.60 [10.0.0.60] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 FreeBSD-20040419 debug1: match: OpenSSH_3.8.1p1 FreeBSD-20040419 pat OpenSSH_3.* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server-client aes128-cbc hmac-md5 none debug1: kex: client-server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(102410248192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: read_passphrase: can't open /dev/tty: Device busy Host key verification failed. I just don't understand how to fix can't open /dev/tty regards --- d c [EMAIL PROTECTED] wrote: --- Xin LI [EMAIL PROTECTED] wrote: On 11/12/05, d c [EMAIL PROTECTED] wrote: telnet 10.0.0.60 22 Connected to 10.0.0.60. Escape character is '^]'. SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 If I ssh into 10.0.0.60 from the host system that the jail is running on I connect right in w/o any problems. Just the jails on the host giving me probs. I also tried recreating the /etc/ssh/ssh_hostkey but that didn;t help Do you have /dev/*random available in the jail? Typically there should be /dev/random and a /dev/urandom which is a symbolic link to /dev/random. IIRC there is problem if you don't have these in the jail if you do some ssh related operations... Cheers, -- Xin LI [EMAIL PROTECTED] http://www.delphij.net Yes there is /dev/random and /dev/urandom Has anyone successfully used ssh (client) from within a jail to connect to other servers? I have recreate numerous jails but all suffer the same problem. regards __ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
On Sat, 12 Nov 2005 05:43:51 -0800 (PST) d c [EMAIL PROTECTED] wrote: here is the rsult from using -v. THis should help. ns1# ssh -v 10.0.0.60 OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 10.0.0.60 [10.0.0.60] port 22. -- cut -- debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: read_passphrase: can't open /dev/tty: Device busy Host key verification failed. I just don't understand how to fix can't open /dev/tty how do you start the jail(s) and how do you deal with /dev in the jail (s) ? here's my relevant part in /etc/rc.conf of my host-system on a 5.4-REL machine as a working example : jail_enable=YES jail_socket_unixiproute_only=YES jail_sysvipc_allow=NO jail_list=ssh build mail http https jail_set_hostname_allow=NO # jail_build_rootdir=/usr/jails/build jail_build_hostname=build.mydomain.org jail_build_ip=192.168.100.100 jail_build_exec=/bin/sh /etc/rc jail_build_devfs_enable=YES jail_build_devfs_ruleset=devfsrules_jail -- grtjs, albi gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
--- albi [EMAIL PROTECTED] wrote: On Sat, 12 Nov 2005 05:43:51 -0800 (PST) d c [EMAIL PROTECTED] wrote: here is the rsult from using -v. THis should help. ns1# ssh -v 10.0.0.60 OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 10.0.0.60 [10.0.0.60] port 22. -- cut -- debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: read_passphrase: can't open /dev/tty: Device busy Host key verification failed. I just don't understand how to fix can't open /dev/tty how do you start the jail(s) and how do you deal with /dev in the jail (s) ? here's my relevant part in /etc/rc.conf of my host-system on a 5.4-REL machine as a working example : jail_enable=YES jail_socket_unixiproute_only=YES jail_sysvipc_allow=NO jail_list=ssh build mail http https jail_set_hostname_allow=NO # jail_build_rootdir=/usr/jails/build jail_build_hostname=build.mydomain.org jail_build_ip=192.168.100.100 jail_build_exec=/bin/sh /etc/rc jail_build_devfs_enable=YES jail_build_devfs_ruleset=devfsrules_jail -- grtjs, albi gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] I mounted my devs like this: mount_devfs devfs $JAILDIR/dev I did not set: jail_socket_unixiproute_only=YES I also did not use any rules. What would a typical ruleset be? __ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
On Sat, Nov 12, 2005 at 05:43:51AM -0800, d c wrote: debug1: read_passphrase: can't open /dev/tty: Device busy Host key verification failed. I just don't understand how to fix can't open /dev/tty Consider the -T option to ssh. ('Disable pseudo-tty allocation.) I don't know the ramifications of that, though... regards --- d c [EMAIL PROTECTED] wrote: -- Brian Reichert [EMAIL PROTECTED] 55 Crystal Ave. #286Daytime number: (603) 434-6842 Derry NH 03038-1725 USA BSD admin/developer at large ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
--- Brian Reichert [EMAIL PROTECTED] wrote: On Sat, Nov 12, 2005 at 05:43:51AM -0800, d c wrote: debug1: read_passphrase: can't open /dev/tty: Device busy Host key verification failed. I just don't understand how to fix can't open /dev/tty Consider the -T option to ssh. ('Disable pseudo-tty allocation.) I don't know the ramifications of that, though... regards --- d c [EMAIL PROTECTED] wrote: -- Brian Reichert[EMAIL PROTECTED] 55 Crystal Ave. #286 Daytime number: (603) 434-6842 Derry NH 03038-1725 USA BSD admin/developer at large I had the same error even with the -T option. Here is the ls from /dev in the jail. Maybe this helps? crw--- 1 root wheel 0, 21 Nov 11 22:04 sysmouse crw--- 1 root wheel 0, 42 Nov 11 22:04 ttyd0 crw--- 1 root wheel 0, 43 Nov 11 22:04 ttyd0.init crw--- 1 root wheel 0, 44 Nov 11 22:04 ttyd0.lock crw--- 1 root wheel 0, 48 Nov 11 22:04 ttyd1 crw--- 1 root wheel 0, 49 Nov 11 22:04 ttyd1.init crw--- 1 root wheel 0, 50 Nov 11 22:04 ttyd1.lock crw-rw-rw- 1 root wheel 0, 111 Nov 12 18:19 ttyp0 crw-rw-rw- 1 root wheel 0, 113 Nov 12 17:36 ttyp1 crw--- 1 root wheel 0, 54 Nov 11 23:44 ttyv0 crw--- 1 root wheel 0, 55 Nov 11 23:25 ttyv1 crw--- 1 root wheel 0, 56 Nov 11 22:06 ttyv2 crw--- 1 root wheel 0, 57 Nov 11 22:06 ttyv3 crw--- 1 root wheel 0, 58 Nov 11 22:06 ttyv4 crw--- 1 root wheel 0, 59 Nov 11 22:06 ttyv5 crw--- 1 root wheel 0, 60 Nov 11 22:06 ttyv6 crw--- 1 root wheel 0, 61 Nov 11 22:06 ttyv7 crw--- 1 root wheel 0, 62 Nov 11 22:04 ttyv8 crw--- 1 root wheel 0, 63 Nov 11 22:04 ttyv9 crw--- 1 root wheel 0, 64 Nov 11 22:04 ttyva crw--- 1 root wheel 0, 65 Nov 11 22:04 ttyvb crw--- 1 root wheel 0, 66 Nov 11 22:04 ttyvc crw--- 1 root wheel 0, 67 Nov 11 22:04 ttyvd crw--- 1 root wheel 0, 68 Nov 11 22:04 ttyve crw--- 1 root wheel 0, 69 Nov 11 22:04 ttyvf __ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
On Sat, 12 Nov 2005 08:59:02 -0800 (PST) d c [EMAIL PROTECTED] wrote: I had the same error even with the -T option. Here is the ls from /dev in the jail. Maybe this helps? -- cut -- crw--- 1 root wheel 0, 67 Nov 11 22:04 ttyvd crw--- 1 root wheel 0, 68 Nov 11 22:04 ttyve crw--- 1 root wheel 0, 69 Nov 11 22:04 ttyvf as a comparison here's (partly) mine : $ ls -la /dev/tty* crw--- 1 root wheel 240, 0 Nov 10 00:11 /dev/ttyd0 crw--- 1 root wheel 240, 1 Nov 10 00:11 /dev/ttyd1 crw--- 1 root wheel 239, 32 Nov 10 00:11 /dev/ttyid0 crw--- 1 root wheel 239, 33 Nov 10 00:11 /dev/ttyid1 crw--- 1 root wheel 239, 64 Nov 10 00:11 /dev/ttyld0 crw--- 1 root wheel 239, 65 Nov 10 00:11 /dev/ttyld1 crw--w 1 albi tty 5, 0 Nov 12 18:13 /dev/ttyp0 crw-rw-rw- 1 root wheel5, 1 Nov 12 14:53 /dev/ttyp1 crw-rw-rw- 1 root wheel5, 2 Nov 11 23:49 /dev/ttyp2 crw--- 1 root wheel 237, 0 Nov 10 00:14 /dev/ttyv0 crw--- 1 root wheel 237, 1 Nov 10 00:14 /dev/ttyv1 which FreeBSD-release do you use again ? did you follow the manualpage for jail to set up your jails or did you use some other Howto ? -- grtjs, albi gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
I used the man page. I am using freebsd 6.0 Can you ssh from your jails? albi [EMAIL PROTECTED] wrote: On Sat, 12 Nov 2005 08:59:02 -0800 (PST) d c wrote: I had the same error even with the -T option. Here is the ls from /dev in the jail. Maybe this helps? -- cut -- crw--- 1 root wheel 0, 67 Nov 11 22:04 ttyvd crw--- 1 root wheel 0, 68 Nov 11 22:04 ttyve crw--- 1 root wheel 0, 69 Nov 11 22:04 ttyvf as a comparison here's (partly) mine : $ ls -la /dev/tty* crw--- 1 root wheel 240, 0 Nov 10 00:11 /dev/ttyd0 crw--- 1 root wheel 240, 1 Nov 10 00:11 /dev/ttyd1 crw--- 1 root wheel 239, 32 Nov 10 00:11 /dev/ttyid0 crw--- 1 root wheel 239, 33 Nov 10 00:11 /dev/ttyid1 crw--- 1 root wheel 239, 64 Nov 10 00:11 /dev/ttyld0 crw--- 1 root wheel 239, 65 Nov 10 00:11 /dev/ttyld1 crw--w 1 albi tty 5, 0 Nov 12 18:13 /dev/ttyp0 crw-rw-rw- 1 root wheel 5, 1 Nov 12 14:53 /dev/ttyp1 crw-rw-rw- 1 root wheel 5, 2 Nov 11 23:49 /dev/ttyp2 crw--- 1 root wheel 237, 0 Nov 10 00:14 /dev/ttyv0 crw--- 1 root wheel 237, 1 Nov 10 00:14 /dev/ttyv1 which FreeBSD-release do you use again ? did you follow the manualpage for jail to set up your jails or did you use some other Howto ? -- grtjs, albi gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] - Yahoo! FareChase - Search multiple travel sites in one click. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
On 11/12/05, d c [EMAIL PROTECTED] wrote: telnet 10.0.0.60 22 Connected to 10.0.0.60. Escape character is '^]'. SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 If I ssh into 10.0.0.60 from the host system that the jail is running on I connect right in w/o any problems. Just the jails on the host giving me probs. I also tried recreating the /etc/ssh/ssh_hostkey but that didn;t help Do you have /dev/*random available in the jail? Typically there should be /dev/random and a /dev/urandom which is a symbolic link to /dev/random. IIRC there is problem if you don't have these in the jail if you do some ssh related operations... Cheers, -- Xin LI [EMAIL PROTECTED] http://www.delphij.net ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH From within a Jail
d c wrote: Greetings: I currently am running Freebsd 6.0 Release. I am experimenting with jails and have run into a problem. I need to ssh from within my jail to another server. Actually I need to use scp. WHen I try it I get the error: Host key verification failed. This could also be something related to permissions on the .ssh directory, but you cleared that out of the way if i understand the rest of this thread correctly. I remember having this problem once, but can't remember right now what i did to solve it.. I usually compile openssh from source anyway, so you might try that. If that works, it would probably be interesting to see what is the difference between your own hand-rolled openssh and the one that came with your world. Koen -- K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, hosting, embedded systems, unix, artificial intelligence. Public PGP key: http://www.metro.cx/pubkey-gmc.asc Wondering about the funny attachment your mail program can't read? Visit http://www.openpgp.org/ ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]