This role provides a jailed sshd server. Nothing more.

All incoming ssh connection will be redirected to this jail and if the user is allowed to login again forwarded to the hosts internal ssh server (needs proxy command to be set up - see Vagrantfile within this project for example).

This role is intent to be used with a fresh FreeBSD 11.2 installation. There is a Vagrant Box with providers for VirtualBox and EC2 you may use.

The public key used for user authentication. Will be added to authorized_key file of the user (host/jail). Defaults to vagrants insecure public key.

Set to yes if this jail is used as jump host for the host system. Default: no.

The port the sshd server should listen on. Default: 22.

The user name used to connect via ssh. Default: 'vagrant'.

The group id the ssh user should belong to. Default: 1001.

The ssh user's home directory. Default: /home/{{ sshd_user }}.

The default shell for the ssh user. Default: /bin/sh.

The id for the ssh user. Default: 1001.

• JoergFiedler.freebsd-jailed

- hosts: all
  become: true

  tasks:
    - import_role:
        name: 'JoergFiedler.freebsd-jail-host'
    - include_role:
        name: 'JoergFiedler.freebsd-jailed-sshd'
      vars:
        jail_net_ip: '10.1.0.10'
        jail_name: 'sshd'
        sshd_jump_host: true

BSD

Any ideas to improve this project, please open an issue on Github. Thanks.