When I try to connect through SSH from inside the JAIL I get this error:

# ssh [email protected]
...
debug1: read_passphrase: can not open /dev/tty: No such file or directory
Host key verification failed.

Outside JAIL everything is working properly. Any ideas?

Steps to reproduce:

# jls
JID  IP Address      Hostname                      Path
1     10.10.3.1       demo.example.com             /jails/demo

# jexec 1 tcsh

(inside jail:)
# ssh [email protected]
+2  A: 

Does your jail root have a populated /dev filesystem through a devfs mount? It looks like it doesn't right now.

Important note: You should be able to use devfs rules to limit the devices visible to jailed processes. In particular, access to raw disk device nodes is a bad idea. The jail(8) manpage describes this near the following paragraph:

It is important that only appropriate device nodes in devfs be exposed to a jail; access to disk devices in the jail may permit processes in the jail to bypass the jail sandboxing by modifying files outside of the jail. See devfs(8) for information on how to use devfs rules to limit access to entries in the per-jail devfs. A simple devfs ruleset for jails is available as ruleset #4 in /etc/defaults/devfs.rules.

You should be able to mount devfs under /jails/demo/dev and apply the recommended jail device rules by running as root the following commands:

# mkdir /jails/demo/dev
# mount -t devfs devfs /jails/demo/dev
# devfs -m /jails/demo/dev rule -s 4 applyset

Of course, you can also write a custom ruleset in /etc/defaults/devfs.rules, even a special devfs ruleset that only applies to a specific jail.

For more details see also the manpages for jail(8), devfs(8), and devfs.rules(5).

Giorgos Keramidas
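
A host-side check for the two conditions this answer describes (a devfs mounted under the jail root, and no disk device nodes visible inside it), added here as an example and not part of the original answer. The function names, the sample data and the disk-name pattern list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a jail's /dev from the host. All sample data is constructed.

# Return 0 if the fstab-format mount lines on stdin (as printed by `mount -p`)
# show a devfs mounted on <jail root>/dev.
jail_devfs_mounted() {
    awk -v mp="${1%/}/dev" '$2 == mp && $3 == "devfs" { found = 1 }
                            END { exit !found }'
}

# Print node names from stdin (one per line, e.g. from `ls <jail root>/dev`)
# that look like disk devices or their partitions. The pattern list is an
# illustrative subset of FreeBSD disk driver names, not a complete inventory.
exposed_disk_nodes() {
    grep -E '^(ada|da|nda|nvd|vtbd|md)[0-9]+([ps][0-9]+[a-h]?)?$' || true
}

# usage: audit_jail <jail root> <mount lines> <node names>
# returns 0 = ok, 1 = no devfs under the jail root, 2 = disk nodes visible
audit_jail() {
    if ! printf '%s\n' "$2" | jail_devfs_mounted "$1"; then
        echo "no devfs on ${1%/}/dev"
        return 1
    fi
    bad=$(printf '%s\n' "$3" | exposed_disk_nodes)
    if [ -n "$bad" ]; then
        echo "disk nodes visible in jail:" $bad   # unquoted: join onto one line
        return 2
    fi
    echo "ok"
}

# Constructed sample: host mount table with no devfs under /jails/demo.
SAMPLE_MOUNTS='/dev/ada0p2 / ufs rw 1 1
devfs /dev devfs rw 0 0'
# Constructed sample: a jail /dev listing from a devfs with no ruleset applied.
SAMPLE_NODES='null
zero
random
tty
ada0
ada0p2
pts'

# On a FreeBSD host, with the jail from the question:
#   audit_jail /jails/demo "$(mount -p)" "$(ls /jails/demo/dev)"
```
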
A: 

You may also experience this if you've entered the jail via the jail command. If you start up the jail and SSH into it, you should have better luck.

Patrick Gibson