# Can't disable OpenSSH in 8.1 Jails



## ghostcorps (Sep 19, 2010)

Hi Guys

I have set up two jails on 8.1 Release, and intend to use jexec to run any commands on them so I am trying to disable sshd. I have set sshd_enable="NO" in both rc.confs, but nmap is still seeing OpenSSH. It seems like a simple thing to do but I can't figure out what else to do.

What am I missing?


----------



## aragon (Sep 19, 2010)

In your host, have you reconfigured the sshd to bind to only the host's IP address?  eg.


```
ListenAddress ip.address.of.host
```

in /etc/ssh/sshd_config on host.


----------



## ghostcorps (Sep 19, 2010)

Brilliant! Thank you.


----------



## ghostcorps (Sep 19, 2010)

Oh, maybe not.

I got a bit presumptuous. I thought it worked, but it just took a while to connect this time.

I added that to the sshd_config and ran `/usr/sbin/sshd restart` but it still connects. Should I reload r.conf?


----------



## ghostcorps (Sep 19, 2010)

I meant rc.conf


----------



## ghostcorps (Sep 19, 2010)

> ghostcorps said: Should I reload r.conf?

No change.


----------



## aragon (Sep 19, 2010)

Please post the output of:


```
netstat -anf inet
```

from the host.


----------



## DutchDaemon (Sep 19, 2010)

`sockstat -l4p22`


----------



## ghostcorps (Sep 19, 2010)

Thanks guys

Now I can see what's happening. The ssh connections to the webserver are going to the host. Problem is that I would rather someone attack the webserver jail's sshd than the host's; ideally I would like there to be no response at all. I'll delve into the sshd_config a bit more and see what I can achieve.

After this I will be setting up ipfw, but there seems to be a whole other issue there that I won't get into.


```
# netstat -anf inet
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
tcp4       0      0  database.domain.8080   *.*                    LISTEN
tcp4       0      0 webserver.domain.21     *.*                    LISTEN
tcp4       0      0 webserver.domain.80     *.*                    LISTEN
tcp4       0      0      host.domain.22     *.*                    LISTEN
tcp4       0      0      host.domain.22     my.home.ip.54417    ESTABLISHED
tcp4       0     52      host.domain.22     my.home.ip.54416    ESTABLISHED
tcp46      0      0 *.80                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
udp4       0      0  database.domain.514    *.*
udp4       0      0 webserver.domain.514    *.*
udp4       0      0 *.514                  *.*
```


```
root     sshd       51978 3  tcp4   host.domain:22    *:*
root     sshd       1131  4  tcp4   *:22                  *:*
```


----------



## aragon (Sep 19, 2010)

It looks like you have two sshd processes running, one of which is listening on all addresses...

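The diagnosis above (a second sshd bound to `*:22` answering for every jail address) can be checked mechanically. This is an added POSIX shell example, not code from the thread: it parses `sockstat -l4`-style lines and reports which listeners on a port are bound to the wildcard address instead of one interface address. The sample listing, the 192.0.2.10 address and the function names are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of `sockstat -l4` output, modelled on the listing in this
# thread (PIDs and addresses are made up; 192.0.2.10 stands in for host.domain).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       51978 3  tcp4   192.0.2.10:22         *:*
root     sshd       1131  4  tcp4   *:22                  *:*
root     httpd      1200  4  tcp4   *:80                  *:*
root     syslogd    600   5  udp4   *:514                 *:*'

# Print "PID COMMAND LOCAL" for every TCP listener on PORT, reading sockstat
# lines on stdin. Field layout: USER COMMAND PID FD PROTO LOCAL FOREIGN. The
# header splits "LOCAL ADDRESS" into two words, so it never matches.
listeners_on() {
  awk -v p="$1" '
    $5 ~ /^tcp/ { n = split($6, a, ":"); if (a[n] == p) print $3, $2, $6 }'
}

# Print the PIDs of listeners on PORT bound to the wildcard address (*:PORT)
# rather than to a single interface address. On a jail host this is the daemon
# that answers on every jail IP, which is what the netstat/sockstat output
# in this thread revealed.
wildcard_listeners_on() {
  listeners_on "$1" | awk '$3 ~ /^\*:/ { print $1 }'
}

# Exit 0 when at least one wildcard listener exists on PORT, 1 otherwise.
has_wildcard_listener() {
  [ -n "$(wildcard_listeners_on "$1")" ]
}

# Stand-alone run against the constructed sample. On a live FreeBSD host,
# replace the sample with real output:  sockstat -l4 | wildcard_listeners_on 22
printf '%s\n' "$SAMPLE" | listeners_on 22
```

After fixing `ListenAddress` and restarting, the same check should print nothing for port 22.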

----------



## ghostcorps (Sep 20, 2010)

Oh, right. I can see what you mean. I have no idea why that would be the case.

I rebooted and all is well.


----------

