Can't disable OpenSSH in 8.1 Jails

[ghostcorps]

Hi Guys

I have setup two jails on 8.1 Release, and intend to use jexec to run any commands on them so I am trying to disable sshd. I have set sshd_enable="NO" in both rc.confs', but nmap is still seeing OpenSSH. It seems like a simple thing to do but I can't figure out what else to do.

What am I missing?

 

[aragon]

In your host, have you reconfigured the sshd to bind to only the host's IP address? eg.

ListenAddress ip.address.of.host

in /etc/ssh/sshd_config on host.

 

[ghostcorps]

Brilliant! thankyou

 

[ghostcorps]

Oh, Maybe not.

I got a bit presumptuous. I thought it worked, but it just took a while to connect this time.

I added that to the sshd_config and ran [cmd=]/usr/sbin/sshd restart[/cmd] but it still connects Should I reload r.conf?

 

[ghostcorps]

I meant rc.conf

 

[ghostcorps]

Should I reload r.conf?

No change

 

[aragon]

Please post the output of:

netstat -anf inet

from the host.

 

[DutchDaemon]

[cmd=]sockstat -l4p22[/cmd]

 

[ghostcorps]

Thanks guys

Now, I can see whats happening. The ssh connections to the webserver are going to the host. Problem is that I would rather someone attack the webserver jails' sshd than the hosts'; ideally I would like there to be no response at all. I'll delve into the sshd_config a bit more and see what I can achieve.

After this I will be setting up ipfw, but there seems to be a whole other issue there that I wont get into.

# netstat -anf inet
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
tcp4       0      0  database.domain.8080   *.*                    LISTEN
tcp4       0      0 webserver.domain.21     *.*                    LISTEN
tcp4       0      0 webserver.domain.80     *.*                    LISTEN
tcp4       0      0      host.domain.22     *.*                    LISTEN
tcp4       0      0      host.domain.22     my.home.ip.54417    ESTABLISHED
tcp4       0     52      host.domain.22     my.home.ip.54416    ESTABLISHED
tcp46      0      0 *.80                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
udp4       0      0  database.domain.514    *.*
udp4       0      0 webserver.domain.514    *.*
udp4       0      0 *.514                  *.*

root     sshd       51978 3  tcp4   host.domain:22    *:*
root     sshd       1131  4  tcp4   *:22                  *:*

 

[aragon]

It looks like you have two sshd processes running, one of which is listening on all addresses...

 

[ghostcorps]

Oh, right. I can see what you mean. I have no idea why that would be the case.

I rebooted and all is well