5. Feature / 'bug fix' request - SSH Bind to Lan

Feature / 'bug fix' request - SSH Bind to Lan

  • S

    Hey guys,

    I know this is rather late in the release cycle, but I just started testing 1.2.3 and found a problem with the jail package.
    (Actually found a few, will be submitting the patches hopefully this evening.. but this is more host related)

    Once you create a jail, you can't actually access it via ssh as the host (pfsense), listens to all ips for a ssh connection.

    Would it be possible to add a bind to lan ip option to the ssh service, much like the snmpd daemon? and hopefully get it into this release?

    The following added to /etc/sshd appears to work for me, obviously, this would need some gui modifications as well.
    otherwise some more work needs to be done on the jail package, to start ssh on another port?!?

    
                if(isset($config['ssh']['bindlan'])) {
                        $bind_to_ip = $config['interfaces']['lan']['ipaddr'];
                } else {
                        $bind_to_ip = "0.0.0.0";
                }

                    $sshconf .= "ListenAddress " . $bind_to_ip;

    Of course, depending on the uses of the jail(s), dnsmasq and lighttpd would need to be modified as well.. but for now, ssh is the killer.

    If you don't want to do this, please do let me know, and I will work up another patch to put the jails ssh on another port..

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy