FreeBSD Jail 和 SSH - /dev/tty:没有这样的文件或目录
当我尝试从 JAIL 内部通过 SSH 连接时,出现此错误:
# ssh [email protected]
...
debug1: read_passphrase: can not open / dev / tty: No such file or directory
Host key verification failed.
在 JAIL 外部一切正常。有什么想法吗?
重现步骤:
# jls
JID IP Address Hostname Path
1 10.10.3.1 demo.example.com /jails/demo
# jexec 1 tcsh
(inside jail:)
# ssh [email protected]
When I try to connect through SSH from inside the JAIL I get this error:
# ssh [email protected]
...
debug1: read_passphrase: can not open / dev / tty: No such file or directory
Host key verification failed.
Outside JAIL everythng is working properly. Any ideas?
Steps to reproduce:
# jls
JID IP Address Hostname Path
1 10.10.3.1 demo.example.com /jails/demo
# jexec 1 tcsh
(inside jail:)
# ssh [email protected]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您的监狱根目录是否通过 devfs 挂载填充了 /dev 文件系统?现在看来还不行。
重要说明:您应该能够使用 devfs 规则来限制被监禁进程可见的设备。特别是,访问原始磁盘设备节点是一个坏主意。 jail(8) 联机帮助页在以下段落附近对此进行了描述:
您应该能够在
/jails/demo/dev
下挂载 devfs,并通过以 root 身份运行以下命令来应用推荐的监狱设备规则:当然,您也可以编写
/etc/defaults/devfs.rules
中的自定义规则集,甚至是仅适用于特定监狱的特殊 devfs 规则集。有关更多详细信息,另请参阅 jail(8)、devfs(8) 和 devfs.rules(5) 的联机帮助页。
Does your jail root have a populated /dev filesystem through a devfs mount? It looks like it doesn't right now.
Important note: You should be able to use devfs rules to limit the devices visible to jailed processes. In particular, access to raw disk device nodes is a bad idea. The jail(8) manpage describes this near the following paragraph:
You should be able to mount devfs under
/jails/demo/dev
and apply the recommended jail device rules by running as root the following commands:Of course, you can also write a custom ruleset in
/etc/defaults/devfs.rules
, even a special devfs ruleset that only applies to a specific jail.For more details see also the manpages for jail(8), devfs(8), and devfs.rules(5).
如果您通过监狱命令进入监狱,您也可能会遇到这种情况。如果你启动监狱并通过 SSH 进入它,你应该会有更好的运气。
You may also experience this if you're entered the jail via the jail command. If you start up the jail and SSH into it, you should have better luck.
devfs 文件系统可能没有安装在您的监狱中。很多事情都会失败,不仅仅是 ssh。
要自动安装经过正确过滤的 devfs,最好的选择是使用 rc.conf 变量:
然后你可以使用“/etc/rc.d/jail start demo”停止/停止它,e
The devfs filesystem is probably not mounted in your jail. Many things will fail, not just ssh.
To mount a properly-filtered devfs automotically, your best bet is to use rc.conf variables:
Then you can stop/stop it using "/etc/rc.d/jail start demo", e