Re: Cannot ssh from jail
On Thu, 2007-10-04 at 10:17 +0200, Kim Attree wrote: LI Xin wrote: Tom Evans wrote: Hi stable@, jail@ [jail@ plz cc me as I'm not subscribed] I'm having some problems setting up some jails for semi-isolated development (ie, so we can isolate the developers into a jail, give them all the root access they want, and not worry about them blowing up more than their own jail) on 6.2-RELEASE-p5. I have set up a jail, using ezjail, which appeared to work fine. I can start the jail, and use jexec to spawn a shell inside the jail. However, if I then try to ssh from the jail to another box, ssh fails with the error message (with -v): I think the problem is that if you jexec into a jail then you don't have a TTY at hand, so bad things would happen. If you login into the jail by some ways (e.g. by ssh or telnet or whatever that spawns a TTY for you) then it would work I bet. Cheers, I had the same problem, setup SSHD in the jail, ssh'ed into that, and then from there got a TTY and could ssh to anywhere. Li is right, with jexec you don't get allocated a TTY. Laters, Kim Thanks guys, that works perfectly Cheers Tom signature.asc Description: This is a digitally signed message part
Re: Cannot ssh from jail
LI Xin wrote: Tom Evans wrote: Hi stable@, jail@ [jail@ plz cc me as I'm not subscribed] I'm having some problems setting up some jails for semi-isolated development (ie, so we can isolate the developers into a jail, give them all the root access they want, and not worry about them blowing up more than their own jail) on 6.2-RELEASE-p5. I have set up a jail, using ezjail, which appeared to work fine. I can start the jail, and use jexec to spawn a shell inside the jail. However, if I then try to ssh from the jail to another box, ssh fails with the error message (with -v): I think the problem is that if you jexec into a jail then you don't have a TTY at hand, so bad things would happen. If you login into the jail by some ways (e.g. by ssh or telnet or whatever that spawns a TTY for you) then it would work I bet. Cheers, I had the same problem, setup SSHD in the jail, ssh'ed into that, and then from there got a TTY and could ssh to anywhere. Li is right, with jexec you don't get allocated a TTY. Laters, Kim ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Cannot ssh from jail
Hi stable@, jail@ [jail@ plz cc me as I'm not subscribed] I'm having some problems setting up some jails for semi-isolated development (ie, so we can isolate the developers into a jail, give them all the root access they want, and not worry about them blowing up more than their own jail) on 6.2-RELEASE-p5. I have set up a jail, using ezjail, which appeared to work fine. I can start the jail, and use jexec to spawn a shell inside the jail. However, if I then try to ssh from the jail to another box, ssh fails with the error message (with -v): debug1: read_passphrase: can't open /dev/tty: Device busy Host key verification failed. The only ezjail.conf option I changed/added from default was to set ezjail_jaildir. I left ezjail_devfs_enable=YES, ezjail_devfs_ruleset=devfsrules_jail, the defaults. From outside the jail, devfs appears to be mounted: /data2/ezjails/basejail on /data2/ezjails/monotest/basejail (nullfs, local, read-only) devfs on /data2/ezjails/monotest/dev (devfs, local) fdescfs on /data2/ezjails/monotest/dev/fd (fdescfs) procfs on /data2/ezjails/monotest/proc (procfs, local) From inside the jail, there doesn't appear to be a /dev/tty, unless you look for it: # ls /dev fd ptyp0 ptyp3 ptyp6 stdin ttyp1 ttyp4 urandom log ptyp1 ptyp4 random stdout ttyp2 ttyp5 zero nullptyp2 ptyp5 stderr ttyp0 ttyp3 ttyp6 # ls -l /dev/tty crw-rw-rw- 1 root wheel0, 91 Oct 3 16:57 /dev/tty I found a posting from 2005 describing the same problem [1], but unfortunately without a resolution. I'm sure this should be possible and I'm doing/not doing something that stops it. Any hints, tips would be appreciated. If there's any additional information I can provide.. Cheers Tom [1] http://lists.freebsd.org/pipermail/freebsd-hackers/2005-November/014423.html signature.asc Description: This is a digitally signed message part
Re: Cannot ssh from jail
Tom Evans wrote: Hi stable@, jail@ [jail@ plz cc me as I'm not subscribed] I'm having some problems setting up some jails for semi-isolated development (ie, so we can isolate the developers into a jail, give them all the root access they want, and not worry about them blowing up more than their own jail) on 6.2-RELEASE-p5. I have set up a jail, using ezjail, which appeared to work fine. I can start the jail, and use jexec to spawn a shell inside the jail. However, if I then try to ssh from the jail to another box, ssh fails with the error message (with -v): I think the problem is that if you jexec into a jail then you don't have a TTY at hand, so bad things would happen. If you login into the jail by some ways (e.g. by ssh or telnet or whatever that spawns a TTY for you) then it would work I bet. Cheers, -- Xin LI [EMAIL PROTECTED] http://www.delphij.net/ FreeBSD - The Power to Serve! signature.asc Description: OpenPGP digital signature