FreeBSD jail is nothing but OS-level virtualization. It allows developers and system administrators to partition a FreeBSD system into independent mini-systems. For example, we can set up one jail for a web server and another for the email server. This quick tutorial shows how to enable the SSHD server on FreeBSD.
| Tutorial requirements | |
|---|---|
| Operating system/app | FreeBSD |
| Root privileges required | Yes |
| Difficulty | Easy (rss) |
| Estimated completion time | 5m |
Step 1 – Log in to FreeBSD server to enable SSHD on FreeBSD
Use the ssh command or directly log in using the console. For example, I am using the ssh to log into my FreeBSD host:
$ ssh vivek@192.168.2.17
Run the jls command to list your jails and note down JID (jail id):
$ jls
JID IP Address Hostname Path
1 rsnapshot /nixcraft/jails/rsnapshot/root
Step 2 – Execute a command inside jail to gain shell access
Now we logged into the host and obtained JID. It is time to gain a root shell inside the jail by its JID. In other words, use the jexec command as follows:
$ sudo jexec JID sh
$ sudo jexec JID tcsh
$ su -
# jexec 1 tcsh
Next will see how to enable SSHD on FreeBSD jail.
Step 3 – Enabling SSHD on FreeBSD jail or server
Set sshd_enable to YES in /etc/rc.conf as follows for enabling SSHD on FreeBSD box/jail and then use the service command to start it:
# echo 'sshd_enable="YES"' >> /etc/rc.conf
A note about sysrc command
Is sshd enabled? Find out:
# sysrc sshd_enable
Enable it if not enabled on your system:
# sysrc sshd_enable=YES
See sysrc command man page for more information here.
Step 4 – Starting SSHD on FreeBSD server
Run the service command as follows:
# service sshd start
Verify it:
# service sshd status
We can also use the netstat command or sockstat command to verify that ssh is running and TCP port 22 opened:
# netstat -nat | grep LISTEN
# sockstat -4 -l
See “FreeBSD List / Display Open Ports With sockstat Command” for more information. You can now log in using the ssh:
$ ssh user-name@jail-ip-address-here
$ ssh vivek@192.168.2.236
Step 5 – Control OpenSSH daemon on FreeBSD
The syntax is:
# service sshd start # <-- start the service
# service sshd stop # <-- stop the service
# service sshd restart # <-- restart the service
# service sshd status # <-- Get the status of service
# service -e # <-- Show services that are enabled on FreeBSD box/jail
Step 6 – Add a new FreeBSD user and set up sudo access
By default, the root user is not allowed to log in using the ssh. It is also good practice from a security point of view. Hence, we must add a new user on FreeBSD. Let us add a new user interactively:
# adduser
Another option for seasoned sysadmin is pw command:
# pw user add -n vivek -c 'Vivek Gite' -d /home/vivek -G wheel -m -s /bin/tcsh
# passwd vivek
Make sure sudo is installed using the pkg command:
# pkg install sudo
Updating FreeBSD repository catalogue... [rsnapshot] Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 [rsnapshot] Fetching packagesite.txz: 100% 6 MiB 1.7MB/s 00:04 Processing entries: 100% FreeBSD repository update completed. 32045 packages processed. All repositories are up to date. Updating database digests format: 100% The following 3 package(s) will be affected (of 0 checked): New packages to be INSTALLED: gettext-runtime: 0.20.2 indexinfo: 0.3.1 sudo: 1.9.1 Number of packages to be installed: 3 The process will require 5 MiB more space. 1 MiB to be downloaded. Proceed with this action? [y/N]: y [rsnapshot] [1/3] Fetching sudo-1.9.1.txz: 100% 904 KiB 154.3kB/s 00:06 [rsnapshot] [2/3] Fetching gettext-runtime-0.20.2.txz: 100% 162 KiB 166.0kB/s 00:01 [rsnapshot] [3/3] Fetching indexinfo-0.3.1.txz: 100% 6 KiB 5.8kB/s 00:01 Checking integrity... done (0 conflicting) [rsnapshot] [1/3] Installing indexinfo-0.3.1... [rsnapshot] [1/3] Extracting indexinfo-0.3.1: 100% [rsnapshot] [2/3] Installing gettext-runtime-0.20.2... [rsnapshot] [2/3] Extracting gettext-runtime-0.20.2: 100% [rsnapshot] [3/3] Installing sudo-1.9.1... [rsnapshot] [3/3] Extracting sudo-1.9.1: 100%
Next run:
# visudo
Find and uncomment the following line to allow members of group wheel to execute any command:
%wheel ALL=(ALL) ALL
Save and close the file in vim.
Test it
Again use the ssh command to log into the FreeBSD jail:
$ ssh vivek@192.168.2.236
Gain root shell:
$ sudo -i
See “How To Set up SSH Keys on a Linux / Unix System” for password less log in.
Conclusion
In this quick tutorial, we explained how to enable sshd on FreeBSD. Further, you learned how to add a new user and grant sudo access using various commands. See FreeBSD jails docs here for more info.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 0 comments... add one ↓
How To Setup FreeBSD Jails With ezjail
FreeBSD Install Rsnapshot Filesystem Snapshot Backup Utility
How to configure a FreeBSD Jail with vnet and ZFS
How to install and configure Jails on FreeNAS Corral 10
How to determine Linux guest VM virtualization technology
How to install rsnapshot remote backup server on Red Hat/CentOS Linux
How To Patch and Protect OpenSSH Client Vulnerability CVE-2016-0777 and CVE-2016-0778 […
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |