Enabling SSH root access to a FreeBSD jail
Jun 30, 2017

I run Plex media server in a FreeBSD-based jail. Until now, to connect to the Plex system I would first ssh to the host system. Then I would run jls to find the jid of the jail.

# jls
   JID  IP Address      Hostname                      Path
     1  -               plex                          /mnt/vol1/jails/plex

I could then connect to the jail system by passing the jid as an argument to jexec with the shell to execute.

# jexec 1 tcsh
root@plex:/ #

While this works, it involves extra unnecessary steps. I want to be able to connect to the jail system directly via ssh. Bonus points if I can do this directly as the root user. It turns out doing so is surprisingly simple and is just a matter of enabling and running the sshd service on the target system.

Without any configuration, if you try to start the sshd service, you will likely receive a message similar to the one shown below.

root@plex:/ # service sshd start
Cannot 'start' sshd. Set sshd_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.

To allow the sshd service to run, edit /etc/rc.conf either adding or editing the sshd_enable parameter, setting the value to “YES”.


After saving the /etc/rc.conf file, the sshd service can be started.

root@plex:/ # service sshd start
Performing sanity check on sshd configuration.
Starting sshd.

At this point any users configured on the target system should have ssh access (except root).

To allow root to ssh to the system, first ensure root has a known password on the target system. If you need to set the root password, run passwd as root on the target system.

root@plex:/ # passwd
Changing local password for root
New Password:
Retype New Password:
root@plex:/ #

Next, edit /etc/ssh/sshd_config to allow root login via ssh. Find the #PermitRootLogin no parameter, uncomment it and set it to yes.

PermitRootLogin yes

Save the /etc/ssh/sshd_config file and restart the sshd service.

root@plex:/ # service sshd restart
Performing sanity check on sshd configuration.
Stopping sshd.
Waiting for PIDS: ####.
Performing sanity check on sshd configuration.
Starting sshd.

Now test direct ssh access to the jail system using the hostname or the IP address.

$ ssh -l root plex
Password for root@plex:

root@plex:~ #

That's it!
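
An added example, not part of the original post: a small sh check that reports which PermitRootLogin value an sshd_config puts into effect globally, since the edit above moves root from disabled to password login. The function names, the sample files and the fallback default of no (taken from the commented #PermitRootLogin no line above) are assumptions.

```shell
#!/bin/sh
# Added example: report the effective global PermitRootLogin value.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Lines after the first "Match" are conditional and
# are not evaluated here; "Include" files are not followed (assumption).

effective_root_login() {
    # $1 = path to sshd_config, $2 = value to report when the keyword is unset
    awk -v dflt="$2" '
        { sub(/#.*/, ""); gsub(/[="]/, " ") }   # drop comments, accept key=value and quotes
        tolower($1) == "match" { exit }         # global section ends at the first Match
        tolower($1) == "permitrootlogin" && NF >= 2 { val = tolower($2); exit }
        END { print (val != "" ? val : dflt) }
    ' "$1"
}

classify_root_login() {
    case "$1" in
        yes)                               echo "root-password-login-allowed" ;;
        prohibit-password|without-password) echo "root-key-only" ;;
        forced-commands-only)              echo "root-forced-commands-only" ;;
        no)                                echo "root-login-disabled" ;;
        *)                                 echo "unknown" ;;
    esac
}

# Constructed sample configs (not taken from the system in the post).
write_samples() {
    printf '%s\n' '#PermitRootLogin no' 'Subsystem sftp /usr/libexec/sftp-server' > "$1/stock"
    printf '%s\n' 'PermitRootLogin yes' 'permitrootlogin no' > "$1/as_edited"
    printf '%s\n' 'PermitRootLogin prohibit-password' > "$1/key_only"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in stock as_edited key_only; do
    mode=$(effective_root_login "$tmp/$f" no)
    echo "$f: PermitRootLogin=$mode ($(classify_root_login "$mode"))"
done
rm -rf "$tmp"
```

On the jail itself, point effective_root_login at /etc/ssh/sshd_config, or compare the result with the output of sshd -T, which prints the configuration sshd actually resolved.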