Hi all,
What will be the possible problem..
As i make the jail environment with jail script.
jail.sh file
D=/home/jail/192.168.1.1
cd /usr/src
mkdir -p $D
make world DESTDIR=$D
cd etc
make distribution DESTDIR=$D -DNO_MAKEDEV_RUN
cd $D/dev
sh MAKEDEV jail
cd $D
ln -sf dev/null kernel
#mkdir -p /home/192.168.1.1/stand
#cp /stand/sysinstall /home/192.168.1.1/stand
# jail /home/jail/192.168.1.1 web 192.168.1.1 /bin/sh
#touch /etc/fstab
#vi rc.conf
sendmail_enable="NONE"
sshd_enable="YES"
inetd_enable="YES"
inetd_flags="-wW -a 192.168.1.1"
syslogd_enable="YES"
syslogd_flags="-ss"
portmap_enable="NO"
#vi /etc/resolv.conf
nameserver 1.2.3.4
#passwd root
#pw useradd kinux -g wheel -d /home/kinux -s /bin/csh -m
#/stand/sysinstall -->config -->timezone and configure it is HKT.
#
# jail /home/jail/192.168.1.1 web 192.168.1.1 /bin/sh /etc/rc
Skipping disk checks ...
adjkerntz[38464]: sysctl(put_wallclock): Operation not permitted
Doing initial network setup:.
ifconfig: ioctl (SIOCDIFADDR): permission denied
lo0: flags=8049 mtu 16384
Additional routing options: TCP keepalive=YESsysctl: net.inet.tcp.always_keepalive:
Operation not
permitted
.
Routing daemons:.
Additional daemons: syslogd.
Doing additional network setup:.
Starting final network daemons: creating ssh1 RSA host key
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
a4:91:9a:b7:92:fe:8b:34:fa:6d:d7:42:a6:d5:77:57 [EMAIL PROTECTED]
creating ssh2 RSA host key
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
e2:26:5b:c8:f8:ee:c0:06:12:30:5e:fb:d0:f6:c2:05 [EMAIL PROTECTED]
creating ssh2 DSA host key
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
ee:b8:65:eb:e0:6f:0f:6d:dd:e9:3c:52:e0:d4:5d:d6 [EMAIL PROTECTED]
.
ELF ldconfig path: /usr/lib /usr/lib/compat
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
Starting standard daemons: inetd cron sshd.
Initial rc.i386 initialization:.
Additional ABI support:.
Local package initialization:.
Additional TCP options:.
Sun Sep 28 21:00:24 HKT 2003
# ssh -l kinux 192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
DSA key fingerprint is ee:b8:65:eb:e0:6f:0f:6d:dd:e9:3c:52:e0:d4:5d:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (DSA) to the list of known hosts.
Connection closed by 192.168.1.1
%ps -aux | grep J
kinux 38557 0.0 0.4 1064 540 p1 S+9:14PM 0:00.00 grep J
root38498 0.0 0.5 948 632 ?? IsJ 9:00PM 0:00.01 /usr/sbin/syslog
root38508 0.0 0.5 1044 672 ?? IsJ 9:00PM 0:00.00 /usr/sbin/inetd
root38510 0.0 0.6 1024 776 ?? IsJ 9:00PM 0:00.01 /usr/sbin/cron
root38512 0.0 1.6 2592 2016 ?? IsJ 9:00PM 0:00.37 /usr/sbin/sshd
Thanks
Yonatan Bokovza <[EMAIL PROTECTED]> wrote:
> -Original Message-
> From: Pat Lashley [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 16, 2003 11:18
> To: [EMAIL PROTECTED]; maillist bsd
> Cc: [EMAIL PROTECTED]
> Subject: Re: My jail can not ssh..
>
>
> --On Tuesday, September 16, 2003 09:07:15 +0100 Matthew Seaman
> wrote:
>
> > On Tue, Sep 16, 2003 at 04:16:31AM +0800, maillist bsd wrote:
> >
> >> I am just testing jail on my FreeBSD4.8-stable box, i
> found i can not
> >> ssh to the jail environment, but i can telnet to jail
> environment, the
> >> sshd is running both inside and outside jail. What's the problem.
> >
> > I suspect that your problem is that the sshd(8) in your
> host and jail
> > environments are both binding to IN_ADDR_ANY. That means
> both daemons
> > are fighting over the loopback interface (at least).
>
> Another subtle thing that can cause problem is if the jailed SSH
> can't do DNS resolution. Telnet in and run your favorite DNS
> query app (host, dnsip, dig, nslookup, etc.). If it fails, check
> resolv.conf in the jail; and check the access controls on your
> name server
And yet another problem is that ssh needs /dev/[u]random.
Try mounting devfs in the jail's /dev and see if it works for you.
The error message is something along the line of "PRNG not
initialized".
「向左走 向右走」趣怪 VoiceMail 歡迎詞
http://voicemail.yahoo.com.hk
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
