FreeBSD - Can't access jail from SSH

ssh authentication freebsd jail
6,624

Solution 1

You should confirm that the password set correctly by either manually copying the files in as Robert Novak suggests, or login to the jail with jexec ${jailID} /bin/tcsh and passwd (you can use jls to find out the jail ID).

Also, verify that PermitRootLogin yes in /etc/ssh/sshd_config.

EDIT: After you edit or copy /etc/master.passwd, you need to run /usr/sbin/pwd_mkdb -p /etc/master.passwd to tell FreeBSD to remake the binaries based on the new file(s).

Solution 2

Each jail should have its own passwd file. If you copied the host's /etc/master.passwd and /etc/passwd into the jails, then the passwords would be identical. Otherwise, I believe you will have to reset the password manually.

Share:
6,624
Romain
Author by

Romain

Some Swift and Python developer, not doing this for living.

Updated on September 17, 2022

Comments

  • Romain
    Romain almost 2 years

    I need your help for solving an SSH+FreeBSD+jails authentication issue.

    I've (almost) successfully set up a jailed environment on my FreeBSD 8.2 box.

    My FreeBSD host has 2 network interfaces: 192.168.1.41/24 (regular network) and 172.16.100.41/24 (admin network).

    Its one and only jail is configured to listen on both 192.168.1.101 and 172.16.100.101 IP addresses. I have configured sshd in the jail to listen on the admin interface only (that is, 172.16.100.101).

    Everything described above works, but what I can't do is, connecting to the jail via SSH from the host (being logged as root on the host). After accepting the public key, I'm asked for a password (which I believe is root's password), and after 3 attempts, I always get the message "Permission denied (publickey,keyboard-interactive)". The same message is logged in the jail's /var/log/auth.log.

    The following commands all yield the same result:

    ssh 172.16.100.101

    ssh [email protected]

    ssh -l root 172.16.100.101

    I'm expecting the jail's root password to be the same as my host's root password, right? What am I missing? Or where should I be looking for more hints?

    Thanks for your help!

  • Romain
    Romain over 13 years
    Thanks for pointing this out. See my answer to Robert Novak, I indeed had to explicitly PermitRootLogin yes in the sshd config file, but I still don't understand why I also need to reset root's password.
  • Romain
    Romain over 13 years
    OK so I found out that you actually need to copy 4 files: /etc/passwd, /etc/master.passwd and their binary counterparts: /etc/pwd.db and /etc/spwd.db. Otherwise I guess the state is inconsistent between these pairs, and nothing works until you reset the password using passwd!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

SSH_ORIGINAL_COMMAND variable not getting set
unable to connect to the aws ec2 instance,Host key verification failed
Why password authentication is not allowed?
FreeBSD: jail can not set security.jail.sysvipc_allowed
Public key authentication Permission denied (publickey)
google authenticator for certain users
Permission denied (publickey) Amazon Linux aws
How to change the default position of ~/.ssh/authorized_keys
Can't connect to a remote server with Nautilus and a private key
SSH with LDAP authentication (ActiveDirectory) and ssh keys stored in AD