How to enable SSHD on FreeBSD server / jail

last updated in Categories , , ,

I have installed FreeBSD jail and set up an IP address. However, I am unable to ssh directly into my FreeBSD jail. How do I enable OpenSSH SSHD on the FreeBSD server?

FreeBSD jail is nothing but OS-level virtualization. It allows developers and system administrators to partition a FreeBSD system into independent mini-systems. For example, we can set up one jail for a web server and another for the email server. This quick tutorial shows how to enable the SSHD server on FreeBSD.
Tutorial requirements
Operating system/appFreeBSD
Root privileges requiredYes
DifficultyEasy (rss)
Estimated completion time5m
Table of contents

ADVERTISEMENTS


Step 1 – Log in to FreeBSD server to enable SSHD on FreeBSD

Use the ssh command or directly log in using the console. For example, I am using the ssh to log into my FreeBSD host:
$ ssh vivek@192.168.2.17
Run the jls command to list your jails and note down JID (jail id):
$ jls

   JID  IP Address      Hostname                      Path
     1                  rsnapshot                     /nixcraft/jails/rsnapshot/root

Step 2 – Execute a command inside jail to gain shell access

Now we logged into the host and obtained JID. It is time to gain a root shell inside the jail by its JID. In other words, use the jexec command as follows:
$ sudo jexec JID sh
$ sudo jexec JID tcsh
$ su -
# jexec 1 tcsh

Next will see how to enable SSHD on FreeBSD jail.

Step 3 – Enabling SSHD on FreeBSD jail or server

Set sshd_enable to YES in /etc/rc.conf as follows for enabling SSHD on FreeBSD box/jail and then use the service command to start it:
# echo 'sshd_enable="YES"' >> /etc/rc.conf

A note about sysrc command

Is sshd enabled? Find out:
# sysrc sshd_enable
Enable it if not enabled on your system:
# sysrc sshd_enable=YES
See sysrc command man page for more information here.

Step 4 – Starting SSHD on FreeBSD server

Run the service command as follows:
# service sshd start
Verify it:
# service sshd status
We can also use the netstat command or sockstat command to verify that ssh is running and TCP port 22 opened:
# netstat -nat | grep LISTEN
# sockstat -4 -l

Enabling sshd on FreeBSD jail
See “FreeBSD List / Display Open Ports With sockstat Command” for more information. You can now log in using the ssh:
$ ssh user-name@jail-ip-address-here
$ ssh vivek@192.168.2.236

Step 5 – Control OpenSSH daemon on FreeBSD

The syntax is:
# service sshd start # <-- start the service
# service sshd stop # <-- stop the service
# service sshd restart # <-- restart the service
# service sshd status # <-- Get the status of service
# service -e # <-- Show services that are enabled on FreeBSD box/jail

Step 6 – Add a new FreeBSD user and set up sudo access

By default, the root user is not allowed to log in using the ssh. It is also good practice from a security point of view. Hence, we must add a new user on FreeBSD. Let us add a new user interactively:
# adduser
Another option for seasoned sysadmin is pw command:
# pw user add -n vivek -c 'Vivek Gite' -d /home/vivek -G wheel -m -s /bin/tcsh
# passwd vivek

Make sure sudo is installed using the pkg command:
# pkg install sudo

Updating FreeBSD repository catalogue...
[rsnapshot] Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
[rsnapshot] Fetching packagesite.txz: 100%    6 MiB   1.7MB/s    00:04    
Processing entries: 100%
FreeBSD repository update completed. 32045 packages processed.
All repositories are up to date.
Updating database digests format: 100%
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gettext-runtime: 0.20.2
	indexinfo: 0.3.1
	sudo: 1.9.1

Number of packages to be installed: 3

The process will require 5 MiB more space.
1 MiB to be downloaded.

Proceed with this action? [y/N]: y
[rsnapshot] [1/3] Fetching sudo-1.9.1.txz: 100%  904 KiB 154.3kB/s    00:06    
[rsnapshot] [2/3] Fetching gettext-runtime-0.20.2.txz: 100%  162 KiB 166.0kB/s    00:01    
[rsnapshot] [3/3] Fetching indexinfo-0.3.1.txz: 100%    6 KiB   5.8kB/s    00:01    
Checking integrity... done (0 conflicting)
[rsnapshot] [1/3] Installing indexinfo-0.3.1...
[rsnapshot] [1/3] Extracting indexinfo-0.3.1: 100%
[rsnapshot] [2/3] Installing gettext-runtime-0.20.2...
[rsnapshot] [2/3] Extracting gettext-runtime-0.20.2: 100%
[rsnapshot] [3/3] Installing sudo-1.9.1...
[rsnapshot] [3/3] Extracting sudo-1.9.1: 100%

Next run:
# visudo
Find and uncomment the following line to allow members of group wheel to execute any command:
%wheel ALL=(ALL) ALL
Save and close the file in vim.

Test it

Again use the ssh command to log into the FreeBSD jail:
$ ssh vivek@192.168.2.236
Gain root shell:
$ sudo -i
Test FreeBSD ssh access once sshd enabled on FreeBSD jail
See “How To Set up SSH Keys on a Linux / Unix System” for password less log in.

Conclusion

In this quick tutorial, we explained how to enable sshd on FreeBSD. Further, you learned how to add a new user and grant sudo access using various commands. See FreeBSD jails docs here for more info.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.


ADVERTISEMENTS

Leave a Comment