Difference between revisions of "Configuring FreeBSD Jails"

From ZS64
Jump to navigationJump to search
 
(Translate, wiki)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
In dieser Seite sollten wir kleine Anmerkungen versenken wenn wir an Daemons rumspielen so dass man hinterher weiss weshalb was gemacht wurde.
+
After creating a jail in FreeBSD, the default configuration of many subsystems should be adapted to better suit the restrictions in a jail.
  
sshd
+
==sshd==
----
+
Normally, sshd will create X11 connections on the localhost host address only to improve security. Since jails don't have a loopback address, X11 forwarding only works if sshd uses a wildcard bind for the X11 connections.
  
In Jails muss man
+
In /etc/ssh/sshd_config, add:
 
+
X11UseLocalhost no
X11UseLocalhost yes (default) ->
 
X11UseLocalhost no
 
 
 
haben. Ansonsten geht das X11-forwarding nicht (die localhost Einstellung zerhaut den xauth mechanismus in einem Jail).
 

Latest revision as of 18:34, 5 September 2006

After creating a jail in FreeBSD, the default configuration of many subsystems should be adapted to better suit the restrictions in a jail.

sshd

Normally, sshd will create X11 connections on the localhost host address only to improve security. Since jails don't have a loopback address, X11 forwarding only works if sshd uses a wildcard bind for the X11 connections.

In /etc/ssh/sshd_config, add:

X11UseLocalhost no