# FreeBSD 8.0 RC1: Trying to log in into jail, but logged into root



## Thorny (Oct 28, 2009)

Hello,

finally i've created my jail. the config in /etc/rc.conf is:

```
ifconfig_re0="DHCP"
ifconfig_re0_alias0="inet 192.168.23.224 netmask 255.255.255.192"

keymap="german.iso"

###################
### base demons ###
###################
rpcbind_enable="YES"
rpcbind_flags="-h 127.0.0.1"

nfs_reserved_port_only="YES"
nfs_server_enable="YES"
mountd_enable="YES"

sshd_enable="YES"
sendmail_enable="NO"

inetd_enable="YES"
inetd_flags="-wW -a 192.168.23.223"

[..] other stuff 

#############
### jails ###
#############
jail_enable="YES"
jail_list="svn"

jail_sysvipc_allow="YES" # For PostgreSQL

jail_svn_rootdir="/usr/local/jail/svn"
jail_svn_hostname="svn.pw-internet.de"
jail_svn_ip="192.168.23.224"
jail_svn_devfs_enable="YES"
jail_svn_devfs_ruleset="svn_ruleset"
~
```

Now my problem:
if i do the following from a remote-computer i'm logged in in the root instance:
`$ ssh [email=user@192.168.23.223]user@192.168.23.223[/email]`

but after the other command, i am also logged in into the root instance and not into the jail:
`$ ssh [email=user@192.168.23.224]user@192.168.23.224[/email]`

I've compared my config with other running BSDs with Jails (7.0 and 7.2) but i can not figure out my mistake. Has anybody some hints?

Greetings from Germany,
Torsten


----------



## SirDice (Oct 28, 2009)

Edit both the host's and the jail's /etc/sshd_config. Make sure they _only_ listen on their own address.


----------



## Thorny (Oct 29, 2009)

I've found the failure cause yesterday night. i forgot to enable sshd in /etc/rc.conf of the jail. 
that the root instance felt accountable for the ssh if it didn't run in the jail is quite missleading.


----------



## GPF (Oct 29, 2009)

would you mind posting the result of a sockstat | grep sshd command from the host system?


----------



## SirDice (Oct 29, 2009)

Thorny said:
			
		

> that the root instance felt accountable for the ssh if it didn't run in the jail is quite missleading.



That's because, by default, sshd listens on _all_ addresses, this includes the jail's ip addresses. As I've said edit /etc/ssh/sshd_config and make sure both the host and jail listen to their own ip address only.


----------



## GPF (Oct 29, 2009)

Use this command to see if any other processes from your host system are listening to all addresses


```
sockstat | grep "*:[0-9]"
```


----------

