■ I tried connecting over ssh to a qjail environment on FreeBSD 10.1-RC4.
The environment is as follows.
I tried installing qjail 3.6 on FreeBSD 10.1-RC4.
http://labunix.hateblo.jp/entry/20141122/1416649086
$ cat /etc/jail.conf
qjail001 {
host.hostname = "qjail001";
path = "/usr/jails/qjail001";
mount.fstab = "/usr/local/etc/qjail.fstab/qjail001";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/qjail.qjail001.console.log";
mount.devfs;
ip4.addr = 192.168.100.1;
interface = "em0";
devfs_ruleset = "4";
}
$ sudo qjail list
STA JID NIC IP Jailname
--- ---- --- --------------- --------------------------------------------------
DR 3 em0 192.168.100.1 qjail001
■ Change the sshd configuration on the host
$ grep "^AddressFamily\|^ListenAddress" /etc/ssh/sshd_config
AddressFamily inet
ListenAddress 172.16.115.128
$ sudo /etc/rc.d/sshd restart
■ Change the sshd configuration in the jail
$ sudo qjail console qjail001
qjail001 /root >sh
AddressFamily inet
ListenAddress 192.168.100.1
Performing sanity check on sshd configuration.
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
■ The sshd host keys are created automatically by the "service" command.
Generating RSA1 host key.
2048 0a:30:a5:4f:d8:aa:e3:18:6e:36:3c:78:83:17:55:a5 root@qjail001 (RSA1)
Generating RSA host key.
2048 f1:8d:6d:39:55:42:1e:46:47:d2:d1:b2:f4:58:0d:98 root@qjail001 (RSA)
Generating DSA host key.
1024 0d:ea:70:29:80:9e:12:90:6a:d1:4f:a4:7d:9d:b5:c5 root@qjail001 (DSA)
Generating ECDSA host key.
256 75:63:ea:c0:79:7a:a6:fb:90:9a:d5:2f:9a:76:3e:2c root@qjail001 (ECDSA)
Generating ED25519 host key.
256 cc:e2:38:61:21:2b:ee:b4:85:b1:32:ee:08:ab:03:55 root@qjail001 (ED25519)
Performing sanity check on sshd configuration.
Starting sshd.
qjail001 /root >exit
■ Create a user and an ssh key
$ sudo qjail console qjail001
qjail001 /root >sh
Username: labunix
Full name: labunix
Uid (Leave empty for default):
Login group [labunix]:
Login group is labunix. Invite labunix into other groups? []:wheel
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/labunix]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : labunix
Password : *****
Full Name : labunix
Uid : 1001
Class :
Groups : labunix wheel
Home : /home/labunix
Home Mode :
Shell : /bin/sh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (labunix) to the user database.
Add another user? (yes/no): no
Goodbye!
Generating public/private ECDSA key pair.
Enter file in which to save the key (/home/labunix/.ssh/id_ecdsa):
Created directory '/home/labunix/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/labunix/.ssh/id_ecdsa.
Your public key has been saved in /home/labunix/.ssh/id_ecdsa.pub.
The key fingerprint is:
ef:4a:60:6b:45:25:3a:f1:99:fd:00:0b:18:3e:eb:9c labunix@qjail001
The key's randomart image is:
+--[ECDSA 256]---+
| .oo o . |
| .. = O |
| o o * o |
| o o o |
| . o S . |
| o o + . |
| E o . . |
| . . . |
| ... |
+-----------------+
■ Set the login prompt in the jail
$ sudo qjail console qjail001
qjail001 /root >sh
qjail001 /root >exit
logout
■ Check the listening ports from the host
$ netstat -an | grep ^tcp4.*.22
tcp4 0 0 192.168.100.1.22 *.* LISTEN
tcp4 0 0 172.16.115.128.22 *.* LISTEN
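The listener check above, turned into a reusable function that also rejects a wildcard bind, since a host sshd listening on *.22 covers every address on the host, including the jail's alias. This is an added example, not part of the original post; the function name check_ssh_listeners and the wildcard sample are constructed here, and the first sample is the netstat output shown above.

```sh
#!/bin/sh
# check_ssh_listeners: read `netstat -an` output on stdin; the arguments are
# the addresses that must each have their own port-22 listener.
# Returns 0 only if every address is listening and no wildcard listener exists.
check_ssh_listeners() {
    awk -v want="$*" '
        BEGIN { n = split(want, need, " ") }
        # FreeBSD netstat prints the local address as "a.b.c.d.port" in column 4.
        $1 == "tcp4" && $NF == "LISTEN" && $4 ~ /\.22$/ {
            addr = $4
            sub(/\.22$/, "", addr)
            seen[addr] = 1
        }
        END {
            rc = 0
            # A wildcard bind on the host also covers the jail IP alias.
            if ("*" in seen) { print "FAIL wildcard listener *.22"; rc = 1 }
            for (i = 1; i <= n; i++) {
                if (need[i] in seen) {
                    print "OK   " need[i] ".22"
                } else {
                    print "FAIL no listener on " need[i] ".22"
                    rc = 1
                }
            }
            exit rc
        }'
}

# Output shown in the post: host and jail each bound to their own address.
PAGE_NETSTAT='tcp4 0 0 192.168.100.1.22 *.* LISTEN
tcp4 0 0 172.16.115.128.22 *.* LISTEN'

# Constructed sample: host sshd left on its default wildcard ListenAddress.
WILDCARD_NETSTAT='tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 192.168.100.1.22 *.* LISTEN'

printf '%s\n' "$PAGE_NETSTAT" | check_ssh_listeners 172.16.115.128 192.168.100.1
printf '%s\n' "$WILDCARD_NETSTAT" | check_ssh_listeners 172.16.115.128 192.168.100.1 \
    || echo "wildcard configuration rejected"
```

On a live host, pipe the real output in: `netstat -an | check_ssh_listeners 172.16.115.128 192.168.100.1`.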
■ Log in to the jail over ssh and check. The user name for "\u" is not being picked up.
$ ssh 192.168.100.1
Password for labunix@qjail001:
Last login: Sat Nov 22 23:11:32 2014 from 192.168.100.1
FreeBSD 10.1-RC4-p1 (GENERIC)
Welcome to your FreeBSD jail.
[( jail ) \u@qjail001 /usr/home/labunix]$
■ When logging in to the jail over ssh,
it is a pity that the user name cannot be picked up, but this is good enough.
$ tail -1 /etc/profile
export PS1="[( jail ) \h:\w]\\$ "
$ ssh 192.168.100.1
Password for labunix@qjail001:
Last login: Sat Nov 22 23:17:59 2014 from 192.168.100.1
FreeBSD 10.1-RC4-p1 (GENERIC)
Welcome to your FreeBSD jail.
[( jail ) qjail001:/usr/home/labunix]$