A FreeBSD jail is nothing but OS-level virtualization. It allows developers and system administrators to partition a FreeBSD system into independent mini-systems. For example, we can set up one jail for a web server and another for the email server. This quick tutorial shows how to enable the SSHD server on a FreeBSD server or jail.
Tutorial requirements | |
---|---|
Operating system/app | FreeBSD |
Root privileges required | Yes |
Difficulty | Easy |
Estimated completion time | 5m |
Step 1 – Log in to FreeBSD server to enable SSHD on FreeBSD
Use the ssh command or log in directly using the console. For example, I am using the ssh command to log in to my FreeBSD host:
$ ssh vivek@192.168.2.17
Run the jls command to list your jails and note down JID (jail id):
$ jls
JID  IP Address  Hostname   Path
1                rsnapshot  /nixcraft/jails/rsnapshot/root
Step 2 – Execute a command inside jail to gain shell access
Now that we are logged in to the host and have the JID, it is time to gain a root shell inside the jail by its JID. In other words, use the jexec command as follows:
$ sudo jexec JID sh
$ sudo jexec JID tcsh
$ su -
# jexec 1 tcsh
Next, we will see how to enable SSHD in a FreeBSD jail.
Step 3 – Enabling SSHD on FreeBSD jail or server
To enable SSHD on a FreeBSD box/jail, set sshd_enable to YES in /etc/rc.conf as follows, and then use the service command to start it:
# echo 'sshd_enable="YES"' >> /etc/rc.conf
A note about sysrc command
Is sshd enabled? Find out:
# sysrc sshd_enable
Enable it if not enabled on your system:
# sysrc sshd_enable=YES
See the sysrc command man page for more information.
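Because rc.conf is read as a shell script, the last assignment of a variable wins, so repeated `echo ... >> /etc/rc.conf` runs leave duplicate and possibly conflicting lines that sysrc avoids by editing in place. The following sh helper is an added example, not part of the original tutorial: it reports how many times a variable is assigned and which value takes effect. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the tutorial): audit one variable in an rc.conf file.
# rc.conf is sourced by sh, so the LAST assignment of a variable wins.

# rc_assignments FILE VAR -> number of uncommented assignments of VAR
rc_assignments() {
    awk -v re="^[ \t]*$2=" '$0 ~ re { n++ } END { print n + 0 }' "$1"
}

# rc_effective FILE VAR -> value of the last assignment, quotes stripped
rc_effective() {
    awk -v re="^[ \t]*$2=" -v q="'" '
        $0 ~ re {
            val = $0
            sub(re, "", val)                         # drop leading NAME=
            sub(/[ \t]*#.*$/, "", val)               # drop trailing comment
            gsub("^[\"" q "]|[\"" q "]$", "", val)   # drop surrounding quotes
            last = val
        }
        END { print last }' "$1"
}

# rc_is_yes FILE VAR -> exit 0 when the effective value is YES/TRUE/ON/1
rc_is_yes() {
    case "$(rc_effective "$1" "$2")" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: an earlier NO, then the echo >> command run twice.
demo_rc=$(mktemp)
cat > "$demo_rc" <<'EOF'
hostname="rsnapshot"
sshd_enable="NO"
#sshd_enable="NO"
sshd_enable="YES"
sshd_enable="YES"
EOF

echo "assignments: $(rc_assignments "$demo_rc" sshd_enable)"
echo "effective:   $(rc_effective "$demo_rc" sshd_enable)"
rc_is_yes "$demo_rc" sshd_enable && echo "sshd is enabled"
rm -f "$demo_rc"
```

More than one assignment in the report means the file was appended to rather than edited; clean it up so that a later edit to the wrong line does not silently have no effect.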
Step 4 – Starting SSHD on FreeBSD server
Run the service command as follows:
# service sshd start
Verify it:
# service sshd status
We can also use the netstat command or sockstat command to verify that sshd is running and TCP port 22 is open:
# netstat -nat | grep LISTEN
# sockstat -4 -l
See “FreeBSD List / Display Open Ports With sockstat Command” for more information. You can now log in using ssh:
$ ssh user-name@jail-ip-address-here
$ ssh vivek@192.168.2.236
Step 5 – Control OpenSSH daemon on FreeBSD
The syntax is:
# service sshd start # <-- start the service
# service sshd stop # <-- stop the service
# service sshd restart # <-- restart the service
# service sshd status # <-- Get the status of service
# service -e # <-- Show services that are enabled on FreeBSD box/jail
Step 6 – Add a new FreeBSD user and set up sudo access
By default, the root user is not allowed to log in using ssh. That is also good practice from a security point of view. Hence, we must add a new user on FreeBSD. Let us add a new user interactively:
# adduser
Another option for seasoned sysadmins is the pw command:
# pw user add -n vivek -c 'Vivek Gite' -d /home/vivek -G wheel -m -s /bin/tcsh
# passwd vivek
Make sure sudo is installed using the pkg command:
# pkg install sudo
Updating FreeBSD repository catalogue...
[rsnapshot] Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
[rsnapshot] Fetching packagesite.txz: 100% 6 MiB 1.7MB/s 00:04
Processing entries: 100%
FreeBSD repository update completed. 32045 packages processed.
All repositories are up to date.
Updating database digests format: 100%
The following 3 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
    gettext-runtime: 0.20.2
    indexinfo: 0.3.1
    sudo: 1.9.1
Number of packages to be installed: 3
The process will require 5 MiB more space.
1 MiB to be downloaded.
Proceed with this action? [y/N]: y
[rsnapshot] [1/3] Fetching sudo-1.9.1.txz: 100% 904 KiB 154.3kB/s 00:06
[rsnapshot] [2/3] Fetching gettext-runtime-0.20.2.txz: 100% 162 KiB 166.0kB/s 00:01
[rsnapshot] [3/3] Fetching indexinfo-0.3.1.txz: 100% 6 KiB 5.8kB/s 00:01
Checking integrity... done (0 conflicting)
[rsnapshot] [1/3] Installing indexinfo-0.3.1...
[rsnapshot] [1/3] Extracting indexinfo-0.3.1: 100%
[rsnapshot] [2/3] Installing gettext-runtime-0.20.2...
[rsnapshot] [2/3] Extracting gettext-runtime-0.20.2: 100%
[rsnapshot] [3/3] Installing sudo-1.9.1...
[rsnapshot] [3/3] Extracting sudo-1.9.1: 100%
Next run:
# visudo
Find and uncomment the following line to allow members of group wheel to execute any command:
%wheel ALL=(ALL) ALL
Save and close the file in vim.
Test it
Again use the ssh command to log into the FreeBSD jail:
$ ssh vivek@192.168.2.236
Gain root shell:
$ sudo -i
See “How To Set up SSH Keys on a Linux / Unix System” for passwordless login.
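Step 6 relies on root being refused over SSH so that all administration goes through the wheel user and sudo. The following sh check is an added example, not part of the original tutorial: it reports the effective global PermitRootLogin value of an sshd_config file. The function names and sample config are constructed, and the fallback of "no" when the keyword is absent is an assumption taken from the tutorial's statement about the default.

```sh
#!/bin/sh
# Added example (not from the tutorial): effective global PermitRootLogin.
# sshd_config keywords are case-insensitive and the FIRST value found wins.
# Lines after a Match keyword are conditional; Include'd files are not read.

# permit_root_login FILE [DEFAULT] -> effective global value, lower-cased.
# DEFAULT is used when the keyword is absent; "no" is assumed here because
# the tutorial states that root login is refused by default.
permit_root_login() {
    awk -v dflt="${2:-no}" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        {
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit               # global section ends here
            if (key == "permitrootlogin" && n >= 2) {
                val = tolower(f[2]); gsub(/"/, "", val); exit
            }
        }
        END { print (val == "" ? dflt : val) }' "$1"
}

# root_login_blocked FILE -> exit 0 only if root is refused for every method
root_login_blocked() {
    [ "$(permit_root_login "$1")" = "no" ]
}

# Constructed sample config: the later "no" is ignored, the first value wins.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
Port 22
#PermitRootLogin no
permitrootlogin prohibit-password
PermitRootLogin no
Match Address 192.168.2.0/24
    PermitRootLogin yes
EOF

echo "PermitRootLogin (global, effective): $(permit_root_login "$demo_cfg")"
if root_login_blocked "$demo_cfg"; then
    echo "OK: root cannot log in over SSH"
else
    echo "WARN: root login is not fully disabled"
fi
rm -f "$demo_cfg"
```

Inside the jail, point the function at /etc/ssh/sshd_config; any PermitRootLogin line under a Match block still needs a manual review, since this check covers the global section only.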
Conclusion
In this quick tutorial, we explained how to enable sshd on FreeBSD. Further, you learned how to add a new user and grant sudo access using various commands. See the FreeBSD jails docs for more info.