FreeBSD - Jail - Secure Jumphost
FreeBSD jail
ezjail-admin create bastion 'bridge0|10.0.0.10'
pkg install bash
OpenSSH-Portable
pkg install openssh-portable
$ cat /etc/rc.conf
# OpenSSH
sshd_enable="NO"
openssh_enable="YES"
Check the current best practices for the full OpenSSH daemon configuration, for example: https://infosec.mozilla.org/guidelines/openssh
$ cat /usr/local/etc/ssh/sshd_config
...
ListenAddress 10.0.0.10
...
Stop the base sshd service and start the OpenSSH-Portable service.
service sshd stop
service openssh start
User
Create a default user and make sure the user's login shell is /usr/local/bin/rbash.
$ mkdir <user homedir path>/bin
Symlink only the required binaries into this directory.
$ ln -s /usr/local/bin/ssh <user homedir path>/bin/ssh
Create bash profile.
$ cat .bash_profile
PATH=$HOME/bin
export PATH
Make sure the permissions are correct.
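An added example, not part of the original notes: an sh function that audits the restricted user's home directory once the steps above are done. It assumes that "correct" permissions mean the home directory, ~/bin and ~/.bash_profile are owned by root and not group- or world-writable; the function name and its OWNER and ALLOWED parameters are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit a restricted jump user's home.
# Assumptions: "correct" permissions = home, ~/bin and ~/.bash_profile owned by
# OWNER (default root) and not group/world-writable; ~/bin contains only
# symlinks to ALLOWED targets (default: the ssh client path used on the page).
# usage: audit_jump_home HOME [OWNER] [ALLOWED (space-separated paths)]

audit_jump_home() {
    home=$1; owner=${2:-root}; allowed=${3:-/usr/local/bin/ssh}; rc=0
    for p in "$home" "$home/bin" "$home/.bash_profile"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        # rbash reads startup files before it applies its restrictions, so a
        # profile (or parent directory) the user can modify defeats the shell.
        if [ -n "$(find "$p" -prune ! -user "$owner")" ]; then
            echo "OWNER    $p is not owned by $owner"; rc=1
        fi
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $p is group- or world-writable"; rc=1
        fi
    done
    # Every entry in ~/bin must be a symlink to an allowed binary.
    for f in "$home"/bin/* "$home"/bin/.[!.]*; do
        if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi  # unmatched glob
        if [ ! -L "$f" ]; then
            echo "NOTLINK  $f"; rc=1; continue
        fi
        target=$(readlink "$f")
        case " $allowed " in
            *" $target "*) ;;
            *) echo "UNLISTED $f -> $target"; rc=1 ;;
        esac
    done
    # The only PATH assignment in the profile must be the one from the page.
    if [ "$(grep 'PATH=' "$home/.bash_profile" 2>/dev/null)" != 'PATH=$HOME/bin' ]; then
        echo "PATH     $home/.bash_profile does not pin PATH to \$HOME/bin"; rc=1
    fi
    return $rc
}

# Run directly as: sh audit.sh <user homedir path>
[ $# -eq 0 ] || audit_jump_home "$@"
```

The function prints one line per finding and returns non-zero if anything is off, so it can be run from a periodic job inside the jail.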