I wanted to set up a programming jail for myself and I took some notes and I thought I’d share. This will also make a good “template jail”. Feel free to send all compliments to @John and complaints to @winnielinnie (who does not actually have anything to do with this post, I just thought it would be fun to toss someone under the bus–I’m going for my “bus-driver badge” on this wacky forum).
These notes are not anything overly complicated or profound–or even that good–but I thought I’d share nonetheless in case someone is in need of a decent starting point.
= SET UP PROGRAMMERS JAIL =
I have my own ZSH and VIM configs I upload but if you have a different
shell or editor you like to use…
== PACKAGES ==
- git-tiny
- doas
>> See sample conf and/or man page.
- zsh
- neovim / vim / vim-tiny
- openssh
- perl5
(optional) * unison
(optional) * rsync
== TODO ==
- Create user
pw user add -n john -d /home/john -G wheel -m -s /usr/local/bin/zsh
- Give password
passwd john
== NETWORK ==
- Edit the sshd_config.
/usr/local/etc/ssh/sshd_config
Port <NOT 22>
AuthenticationMethods publickey
StrictModes yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
# Only allow whitelisted users
AllowUsers john
- Enable OpenSSH.
/etc/rc.conf
sshd_enable="NO"
openssh_enable="YES"
- Start the new SSH server:
service openssh start
- Allow user john passwordless login.
* Client side public key generation (if needed)
ssh-keygen -t ed25519
* Client side key upload (to jail).
ssh-copy-id -i ~/.ssh/id_ed25519.pub <JAIL NAME>
* Client side SSH config entry.
Host <JAIL NAME>
User john
Hostname <IP>
port <NOT 22>
IdentityFile ~/.ssh/id_ed25519
- Stop the old SSH daemon (After you have successfully logged
in via new SSH port).
service sshd onestop
Jail is now set up. This should make a good “template” jail you can
use to create new jails from.
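A static check that an sshd_config carries the hardening settings from the NETWORK section above, useful before stopping the old daemon or cloning the template. This is an added example, not part of the original notes; the function names are hypothetical and port 2222 is a constructed stand-in for the `<NOT 22>` placeholder.

```shell
#!/bin/sh
# Added example: static audit of an sshd_config against the settings in these notes.
# Assumes whitespace-separated "Keyword value" lines (no "Keyword=value" form).

# Print every global value of a keyword, one per line. Keywords are
# case-insensitive; the global section ends at the first Match block.
sshd_values() {  # usage: sshd_values <file> <keyword>
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            sub(/[ \t]+#.*$/, "")            # drop a trailing comment
            $1 = ""; sub(/^[ \t]+/, ""); print
        }' "$1"
}

# Report each deviation and return the number of findings (0 = matches the notes).
audit_sshd_config() {  # usage: audit_sshd_config <file>
    f=$1; bad=0
    ports=$(sshd_values "$f" Port)
    # Port may be given several times; no Port line at all means the default, 22.
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "FAIL: sshd listens on port 22"; bad=$((bad + 1))
    fi
    # For single-valued keywords sshd keeps the first value it reads.
    if [ "$(sshd_values "$f" AuthenticationMethods | head -n 1)" != publickey ]; then
        echo "FAIL: AuthenticationMethods is not exactly 'publickey'"; bad=$((bad + 1))
    fi
    for kw in PubkeyAuthentication StrictModes; do   # both default to yes
        if [ "$(sshd_values "$f" "$kw" | head -n 1)" = no ]; then
            echo "FAIL: $kw is set to no"; bad=$((bad + 1))
        fi
    done
    if [ -z "$(sshd_values "$f" AllowUsers)" ]; then
        echo "FAIL: no AllowUsers whitelist"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample: port 2222 stands in for the <NOT 22> placeholder.
sample_good() {
    printf '%s\n' 'Port 2222' 'AuthenticationMethods publickey' 'StrictModes yes' \
        'PubkeyAuthentication yes' '# Only allow whitelisted users' 'AllowUsers john'
}

tmp=$(mktemp) && sample_good > "$tmp"
audit_sshd_config "$tmp" && echo "OK: config matches the notes"
rm -f "$tmp"
```

Inside the jail, run `audit_sshd_config /usr/local/etc/ssh/sshd_config`; `sshd -T` remains the authoritative view of the effective configuration.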