#1
Hi there!
You know the problem when you want to ssh from within a jail after you jexec'ed into it? I mean this:
Code:
@host# jexec <jid> <shell>
@jail# ssh user@host
Host key verification failed.

Code:
@host# jexec <jid> <shell>
@jail# ssh user@host
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).

Code:
@host# jexec <jid> <shell>
@jail# screen
Cannot access '/dev/pts/11': No such file or directory

* using PKI auth (but this only solves the problem for SSH and not for other commands that need a TTY)
* running sshd in the jail and logging into the jail via SSH (but what if you want to keep your jail very secure and don't want to run sshd?)

I have now found a much better solution, that I haven't seen mentioned anywhere yet, so I thought I might want to share it with you guys: /usr/ports/sysutils/tmux

It's a terminal multiplexer like screen, but unlike screen it works even when you jexec'ed into a jail! And because it's a terminal multiplexer, you get a TTY! Now you can do this:
Code:
@host# jexec <jid> <shell>
@jail# tmux
@jail# ssh user@host
user@host's password:

Last edited by hopla; December 8th, 2010 at 16:17.
#2
# jexec <jid> /usr/bin/su - works for me.
__________________
Senior UNIX Engineer at Unix Support Nederland
Experience is something you don't get until just after you need it.
#3
I'm using tmux for quite some time now...
Never thought of running tmux in jail... Thanks, I already see where I could use this
#4
Doesn't work all that well. Can't run mksh in jail
(Unlike with tmux)
#5
I almost had an even bigger WOW moment, but just like killasmurf86 it doesn't seem to work for me:
Code:
# jexec 8 /usr/bin/su -
# ssh user@host
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
#6
You need to generate a host key. Have a look at the /etc/rc.d/sshd script. Normally when it runs for the first time on a clean machine it'll generate the host keys. Without the host keys ssh isn't going to work.
#7
Quote:
It probably works for you because you have PKI auth set up? See if you can run screen when you jexec into your jail. You will see the problem! Then run tmux and on top of that run screen and voila! Suddenly it works! (of course this example is silly and contrived, but perfectly illustrates the problem)

EDIT: on second thought, I think you are misunderstanding the problem on another level SirDice, maybe because the title of this post isn't quite accurate and because the sequence of commands in the examples is misleading... When I run jexec followed by another command, that command is run IN the jail, not on the host where I ran jexec. I will edit the title and examples.

Last edited by hopla; December 8th, 2010 at 16:13.
#8
Screen works for me, no problems there. I do seem to have the same ssh problem though. The error message kinda threw me off. But with -v it indeed shows that ssh fails because it cannot open a pty.
#9
Quote:
Here is mine (default ezjail jail):
Code:
@jail# tree /dev
/dev
|-- fd
|   |-- 0
|   |-- 1
|   `-- 2
|-- log -> ../var/run/log
|-- null
|-- ptmx
|-- pts
|-- random
|-- stderr -> fd/2
|-- stdin -> fd/0
|-- stdout -> fd/1
|-- urandom -> random
`-- zero
#10
Mine's the same.
#11
So do you have any theory then why screen is working for you and not for me?
#12
SirDice, you either have screen compiled with some options I don't know about or you have a very special jail setup or some custom kernel options (I'm running GENERIC) or you are doing something different from what I'm doing.
Because I just can't get screen to work after jexec'ing into jail. Can you please verify for us one more time that the following is absolutely 100% sure working for you? (I especially have a hard time believing this, since you stated that you DO have the same problem with SSH)
Code:
root@host# jexec <jid> sh
root@jail# screen
Screen version 4.00.03 (FAU) 23-Oct-06
<SNIP>
[Press Space or Return to end.]

Code:
root@host# jexec <jid> sh
root@jail# screen
Cannot access '/dev/pts/1': No such file or directory
#13
Same here ... It tries to open the same tty you have logged in on outside of the jail which is not accessible (of course) inside.
Last edited by DutchDaemon; March 26th, 2012 at 11:28.
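
The cause given in post #13 (the jexec'ed shell still refers to a host /dev/pts node that the jail's /dev does not contain) and the tmux workaround from post #1 (a pty allocated inside the jail), sketched as an added example that is not part of the thread. It assumes Python 3 is available where it is run; `tty_status` and `run_on_fresh_pty` are hypothetical helper names.

```python
import os
import pty
import sys

def tty_status(fd=0):
    """Classify fd as 'not-a-tty', 'node-missing' or 'ok'; returns (state, name)."""
    if not os.isatty(fd):
        return ("not-a-tty", None)
    try:
        name = os.ttyname(fd)
    except OSError:
        # The kernel knows the terminal, but no matching node can be resolved here.
        return ("node-missing", None)
    # The name may be known (e.g. /dev/pts/11) while this /dev has no such node.
    return ("ok" if os.path.exists(name) else "node-missing", name)

def run_on_fresh_pty(argv):
    """Run argv on a pty allocated in this environment; return (exit_code, output)."""
    pid, master = pty.fork()  # child: new session, new pty slave as controlling tty
    if pid == 0:
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)     # only reached when exec failed
    chunks = []
    while True:
        try:
            data = os.read(master, 4096)
        except OSError:       # Linux reports EIO once the slave side is closed
            break
        if not data:          # plain EOF on other systems
            break
        chunks.append(data)
    os.close(master)
    _, status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1
    return code, b"".join(chunks).decode(errors="replace")

if __name__ == "__main__":
    # Run from the jexec'ed shell: the inherited terminal versus a fresh pty.
    print("inherited stdin:", tty_status(0))
    print("fresh pty:", run_on_fresh_pty(["sh", "-c", "tty"]))
    sys.exit(0)
```
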