SSH with IPv6 support
Carmen Sandiego on Thursday, 08 January 2009 17:48:43
Trying to connect to my server with SSH
my sshd_config file
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress 2001:16d8:ee00:76::2
ListenAddress 0.0.0.0
ERROR:
slippern@sjokobox:~$ ssh -6 2001:16d8:ee00:76::2
ssh: connect to host 2001:16d8:ee00:76::2 port 22: Connection refused
i know the firewall is blocking port 22, but only on IPv4.
but it should work with IPv6?
with a IPv6 tunnell i should avoid the firewall...
SSH with IPv6 support
Jeroen Massar on Thursday, 08 January 2009 17:55:21
Try 'netstat -an' or if on Linux 'netstat -anp' (-p only works as root, otherwise it won't resolve PIDs to processes) and check if your sshd is really listening on IPv6. This should be the case on most distributions though.
Normally (eg on Debian, and most likely thus on every openssh) just having no ListenAddress directives should work. You can also use "ListenAddress ::" to specify any of course.
Last but not least: check your log files (/var/log/*) for possible warnings/errors etc.
SSH with IPv6 support
Carmen Sandiego on Thursday, 08 January 2009 17:57:06
You might want to simplify your IPv6 listen address as "ListenAddress ::". You didn't say which OS you are running, but if you are running ipf/ipfilter/iptables you might want to also check the ipv6-specific file to make sure 22/tcp is allowed.
SSH with IPv6 support
Carmen Sandiego on Thursday, 08 January 2009 18:02:32
Im running debian, i used netstat -anp and i it stood that ssh was listen to 0.0.0.0:22
i could not see that it was listen to an IPv6 address..
I have restarted ssh...
SSH with IPv6 support
Shadow Hawkins on Thursday, 08 January 2009 18:38:06
This is the output from my BSD machine:
[carl@ipv6router ~]$ netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 *.ssh *.* LISTEN
tcp6 0 0 *.ssh *.* LISTEN
Does that look similar to your Debian box? Obviously, the 0.0.0.0:22 is IPv4..is there anything like ::/0 in your list?
SSH with IPv6 support
Carmen Sandiego on Thursday, 08 January 2009 18:43:54
nope..
only this one:
tcp 0 0 *:ssh *:* LISTEN
the IPv6 tcp connections some is in the netstat -a is some eggdrops...
SSH with IPv6 support
Shadow Hawkins on Friday, 09 January 2009 01:06:11
Well, "lsof -i -n | grep ssh" show this for me:
sshd 3283 root 3u IPv6 8973 TCP *:ssh (LISTEN)
and it's listening on all IPv4/IPv6.
This is on Debian and it has always worked.
In /etc/ssh/sshd_config i've specified NO ListenAddress.
If I specify ListenAddress, it'll look like this:
sshd 28631 root 3u IPv4 144192479 TCP x.x.x.x:ssh (LISTEN)
sshd 28631 root 4u IPv6 144192481 TCP [yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy]:ssh (LISTEN)
What ssh package are you using ?
(dpkg -l | grep ssh)
SSH with IPv6 support
Shadow Hawkins on Friday, 09 January 2009 22:49:31
Check what is listening on port 22. Is it perhaps inetd or xinetd? I recall Debian (at least in the past) can install sshd to run as a daemon or have it launched by inetd/xinetd. If you find that you are having inetd listening on port 22 then try dpkg-reconfigure ssh and tell it to run as a daemon and not launch from inetd. If xinetd or something else is listening to port 22 then you may have to make some manual adjustments. (I haven't tweaked my Debian configs in quite a while, so I may be a bit outdated on the details. But if something besides sshd is listening on port 22 then changing the Listen addresses in sshd_config isn't going to make a difference.)
Posting is only allowed when you are logged in. |