I have a jail running and the network configuration is done by the host's /etc/jail.conf. The behavior is that when the jail boots, sshd listens to the correct ipv4 address listed in the /etc/ssh/sshd_config, however it doesn't listen to the ipv6 address. I did attempt to set it to :: to see if that worked to no avail.
If I do
Here is the relevant data:
Host's /etc/jail.conf
Jail's /etc/ssh/sshd_config
Jail
I figured out a fix which is just to open /etc/rc.d/sshd and add a
Thanks all,
-gns
If I do
service sshd restart
, sshd comes up fine and works correctly. This seems to be the same sort of issue I mentioned in another thread with the networking not coming up immediately, and so the daemon process doesn't bind/associate correctly. I thought that the host's jail(8) would setup the networking first before running the jail's rc, and so by the time sshd got around to starting, the ipv6 address would already exist on the interface. It seems that is not happening.Here is the relevant data:
Host's /etc/jail.conf
Code:
helios {
path = "/server/helios";
host.hostname = "helios";
host.domainname = "helios.domain.com";
ip4.addr = "lo1|192.168.99.2/24";
ip6.addr = "vtnet0|2604:5454:5454::2002/64";
allow.raw_sockets;
allow.mount.devfs;
mount.devfs;
persist;
exec.start = "sh /etc/rc";
}
Jail's /etc/ssh/sshd_config
Code:
ListenAddress 192.168.99.2
ListenAddress 2604:5454:5454::2002
Port 22
Port 1000
Subsystem sftp /usr/libexec/sftp-server
Jail
sockstat
Code:
/usr/home/gns $ sockstat
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
gns sshd 1025 3 tcp4 192.168.99.2:22 131.193.1.197:52268
gns sshd 1025 4 stream -> ??
root sshd 1021 3 tcp4 192.168.99.2:22 131.193.1.197:52268
root sshd 1021 5 stream -> ??
root cron 943 4 dgram -> /var/run/logpriv
root sshd 939 3 tcp4 192.168.99.2:1000 *:*
root sshd 939 4 tcp4 192.168.99.2:22 *:*
root syslogd 868 4 dgram /var/run/log
root syslogd 868 5 dgram /var/run/logpriv
root syslogd 868 6 udp4 192.168.99.2:514 *:*
I figured out a fix which is just to open /etc/rc.d/sshd and add a
sleep 2
command in the beginning of the file, which apparently delays sshd enough to allow the ipv6 ifconfig to take effect on the interface. This seems to be a hacky fix and I still suspect I've set something up incorrectly.Thanks all,
-gns