Netgate Discussion Forum
    Feature / 'bug fix' request - SSH Bind to Lan

    1.2.3-PRERELEASE-TESTING snapshots - RETIRED
      Sn3ak

      Hey guys,

      I know this is rather late in the release cycle, but I just started testing 1.2.3 and found a problem with the jail package.
      (Actually found a few, will be submitting the patches hopefully this evening.. but this is more host related)

      Once you create a jail, you can't actually access it via ssh, as the host (pfSense) listens on all IPs for an ssh connection.

      Would it be possible to add a bind to LAN IP option to the ssh service, much like the snmpd daemon? And hopefully get it into this release?

      The following added to /etc/sshd appears to work for me. Obviously, this would need some GUI modifications as well;
      otherwise, some more work needs to be done on the jail package to start ssh on another port?!?

      
                      if(isset($config['ssh']['bindlan'])) {
                              $bind_to_ip = $config['interfaces']['lan']['ipaddr'];
                      } else {
                              $bind_to_ip = "0.0.0.0";
                      }
      
                          $sshconf .= "ListenAddress " . $bind_to_ip;
      
      

      Of course, depending on the uses of the jail(s), dnsmasq and lighttpd would need to be modified as well.. but for now, ssh is the killer.

      If you don't want to do this, please do let me know, and I will work up another patch to put the jail's ssh on another port..

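A check to go with the request above, as an added example that is not part of the original post or of pfSense: it reads a generated sshd_config and reports whether sshd would still accept connections on every local address, which is what keeps a jail from running its own sshd on port 22. The function names, file names and the 192.168.1.1 LAN address are constructed for illustration, and only the whitespace-separated `ListenAddress value` form is parsed.

```sh
#!/bin/sh
# Added example: audit which addresses an sshd_config makes sshd listen on.

# Print every ListenAddress value in the file given as $1.
# The keyword is case-insensitive; commented-out lines never match
# because their first field starts with '#'.
listen_addrs() {
    awk 'tolower($1) == "listenaddress" && $2 != "" { print $2 }' "$1"
}

# Exit status 0 when sshd would listen on all local addresses:
# either no ListenAddress at all (sshd's default) or an explicit
# IPv4/IPv6 wildcard, with or without a port suffix.
binds_all_addresses() {
    addrs=$(listen_addrs "$1")
    [ -n "$addrs" ] || return 0
    printf '%s\n' "$addrs" |
        grep -Eq '^(0\.0\.0\.0(:[0-9]+)?|::|\[::\](:[0-9]+)?)$'
}

# Constructed sample configs mirroring the two branches of the snippet
# in the post: bindlan set (LAN address) and bindlan unset (0.0.0.0).
tmp=$(mktemp -d)
printf 'Port 22\nListenAddress 192.168.1.1\n' > "$tmp/bindlan.conf"
printf 'Port 22\nListenAddress 0.0.0.0\n'     > "$tmp/default.conf"

for f in "$tmp/bindlan.conf" "$tmp/default.conf"; do
    if binds_all_addresses "$f"; then
        echo "$(basename "$f"): sshd listens on all addresses"
    else
        echo "$(basename "$f"): sshd limited to $(listen_addrs "$f" | tr '\n' ' ')"
    fi
done
rm -rf "$tmp"
```
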