FreeBSD - Can't access jail from SSH
Solution 1
You should confirm that the password set correctly by either manually copying the files in as Robert Novak suggests, or login to the jail with jexec ${jailID} /bin/tcsh
and passwd
(you can use jls
to find out the jail ID).
Also, verify that PermitRootLogin yes
in /etc/ssh/sshd_config
.
EDIT: After you edit or copy /etc/master.passwd
, you need to run /usr/sbin/pwd_mkdb -p /etc/master.passwd
to tell FreeBSD to remake the binaries based on the new file(s).
Solution 2
Each jail should have its own passwd file. If you copied the host's /etc/master.passwd and /etc/passwd into the jails, then the passwords would be identical. Otherwise, I believe you will have to reset the password manually.
![Romain](https://i.stack.imgur.com/w1JLX.jpg?s=256&g=1)
Romain
Some Swift and Python developer, not doing this for living.
Updated on September 17, 2022Comments
-
Romain almost 2 years
I need your help for solving an SSH+FreeBSD+jails authentication issue.
I've (almost) successfully set up a jailed environment on my FreeBSD 8.2 box.
My FreeBSD host has 2 network interfaces: 192.168.1.41/24 (regular network) and 172.16.100.41/24 (admin network).
Its one and only jail is configured to listen on both 192.168.1.101 and 172.16.100.101 IP addresses. I have configured
sshd
in the jail to listen on the admin interface only (that is, 172.16.100.101).Everything described above works, but what I can't do is, connecting to the jail via SSH from the host (being logged as
root
on the host). After accepting the public key, I'm asked for a password (which I believe isroot
's password), and after 3 attempts, I always get the message"Permission denied (publickey,keyboard-interactive)"
. The same message is logged in the jail's/var/log/auth.log
.The following commands all yield the same result:
ssh 172.16.100.101
ssh -l root 172.16.100.101
I'm expecting the jail's
root
password to be the same as my host'sroot
password, right? What am I missing? Or where should I be looking for more hints?Thanks for your help!
-
Romain over 13 yearsThanks for pointing this out. See my answer to Robert Novak, I indeed had to explicitly
PermitRootLogin yes
in thesshd
config file, but I still don't understand why I also need to resetroot
's password. -
Romain over 13 yearsOK so I found out that you actually need to copy 4 files:
/etc/passwd
,/etc/master.passwd
and their binary counterparts:/etc/pwd.db
and/etc/spwd.db
. Otherwise I guess the state is inconsistent between these pairs, and nothing works until you reset the password usingpasswd
!