Solved Can't log into jail with a password.

[unitrunker]

I create a shiny new jail from scratch.

I use 'passwd' to set the root password like so:

chroot /path/to/jail passwd root

Now I want to log into the jail properly, so:

jexec -l <jail-name> login root

I get prompted for a password but login rejects the password.

I can bypass the password requirement like so:

jexec -l <jail-name> login -f root

However, I'd like the root password to actually work. Common documentation suggests this should work.

I've also tried running 'passwd' after forcibly loggin into the jail. Later login without '-f' won't accept the password.

 

[aragats]

Although this doesn't answer your question, but ssh login into jails always works fine for me with or without password (using keys).

 

[unitrunker]

I suggest to try pw from within the jail.

I did - as stated in the initial post.

 

[SirDice]

I create a shiny new jail from scratch.

You mean "by hand" or did you use a tool? If you meant "by hand" did you create the jail's /etc/ directory and its contents correctly?

 

[unitrunker]

I'm using a base.txz from 12.0-RELEASE. For a sample jail named "alpha" ...

#!/bin/csh
pushd /usr/jails
mkdir alpha
tar -xpf /usr/jails/base.txz -C alpha
cp /etc/resolv.conf alpha/etc/resolv.conf
touch alpha/etc/fstab
popd

The host is also 12.0-RELEASE. This particular jail inherits the host's network interface. I can run pkg upgrade from within the jail just fine.

 

[unitrunker]

This may be login(1) behavior rather than a jail issue - and specifically for login as root.

Outside of a jail ...

• from user "X", login X - creates a new shell and environment immediately - no password prompt.
• from user "X", login -f X - ditto. No password prompt.
• from user "X", login root - prompts for a password but always fails.
• from user "X", login -f root - again, prompts for a password but always fails.
• from root, login root - prompts for a password but always fails.
• from root, login -f root - creates a new shell and environment - no password prompt.

I get the same behavior above inside a jail as well.

If anyone spots an error in my understanding - please speak up!

TL;DR - I can log into a jail as non-root user with a password, and then su(1) to root.

 

[ShelLuser]

Check what console you're on when you logged on. Then verify that against /etc/ttys. My assumption is that you're logging on from a console which hasn't been deemed 'secure', ergo you can't log on as root. See also ttys(5).

Only a theory of course.

 

[unitrunker]

ShelLuser - your explanation is making sense. I can run 'login root' from the console, type the password, and I'm in. Once I have X started, my xterm tty device isn't listed in /etc/ttys. Verified from console with 'login root' and 'jexec -l <jail> login root'. Both work from the console without the '-f'. Thank you!