Hi,
I need help enabling SSH in the jail with the key pair + disable the password login option for SSH
I tried to customize ssh access in one of my jails:
- I wanted to disable password authentication and enable only the certificate mode
- I wanted to change the default 22 port
I edited the /etc/ssh/sshd_config
I added the proper rc.ipfw.conf entries for ssh and the new port allow rules:
I enabled the firewall and restarted the services:
I still could access the sshd on port 22 with a password, the new port was not enabled
This command showed the sshd service still listening on port 22:
To prove it is the sshd_config not being processed and that my setup is fine:
- I stopped the sshd service and manually started it using teh custom port number I opened in firewall:
I could login to the jail using ssh on the new port and port 22 was properly disabled when checking the "sockstat -4 -l" command
This is really annoying. I ended up disabling the SSH service for the jail and using GUI shell with all its limitations (copy/paste, size...) as I do not want to enable password authentication only and the 22 port on that jail
Is there any way to make the sshd service aware of some config file location in the jails or to properly setup SSH with key pairs in the jail ?
Best regards
I need help enabling SSH in the jail with the key pair + disable the password login option for SSH
I tried to customize ssh access in one of my jails:
- I wanted to disable password authentication and enable only the certificate mode
- I wanted to change the default 22 port
I edited the /etc/ssh/sshd_config
Code:
Port 15270 ChallengeResponseAuthentication no
I added the proper rc.ipfw.conf entries for ssh and the new port allow rules:
Code:
# Allow anything outbound from this address. add allow all from 192.168.5.33 to any out # Deny anything outbound from other addresses. add deny log all from any to any out # Allow TCP through if setup succeeded. add allow tcp from any to any established # Allow IP fragments add allow all from any to any frag # Allow inbound ssh add allow tcp from 192.168.5.0/24 to 192.168.5.33 15270 setup # Everything else is denied and logged. add deny log all from any to any
I enabled the firewall and restarted the services:
Code:
sysrc firewall_type="/etc/rc.ipfw.conf sysrc firewall_enable="YES" service ipfw start service sshd restart
I still could access the sshd on port 22 with a password, the new port was not enabled
This command showed the sshd service still listening on port 22:
Code:
sockstat -4 -l
To prove it is the sshd_config not being processed and that my setup is fine:
- I stopped the sshd service and manually started it using teh custom port number I opened in firewall:
Code:
service sshd stop /sbin/sshd -p 15270
I could login to the jail using ssh on the new port and port 22 was properly disabled when checking the "sockstat -4 -l" command
This is really annoying. I ended up disabling the SSH service for the jail and using GUI shell with all its limitations (copy/paste, size...) as I do not want to enable password authentication only and the 22 port on that jail
Is there any way to make the sshd service aware of some config file location in the jails or to properly setup SSH with key pairs in the jail ?
Best regards
Last edited:
