Re: Bug#80503: ssh: default configuration breaks IPv6
[I'm CC'ing to debian-ipv6 again, sorry for not adding the notice before]
¡Hola!
> > ListenAddress shouldn't be set by default. ListenAddress is to be used
> > when you want to bind only some addresses. The admin is who should add
> > that directive if it's needed.
> Well, but debian should provide the admin and the users also with some
> good choosen defaults.
Openssh provides the admin a good chosen default (that's activated when
no ListenAddress directive is present) I don't understand why D.Miller has
changed it.
> > I'll ask Damien Miller why does his patch add that directive.
> Thanks, this directive has not been changed in the debian package of
> openssh, so I would suggest that you convince him first.
I've writen to the openssh-unix-dev list asking about that.
> > > > > |ListenAddress 0.0.0.0
> > > > > |#ListenAddress ::
> > > > That's not a solution. Because in IPv4 only machines ListenAddress :: doesn't
> > > > work.
> > > Then you comment out both lines. :( This is not very difficult to do for
> > > any admin who wants to use IPv4 _and_ IPv6.
> > Yep, but why to restrict the default config?
> Because this option is not changed by the debian maintainer and has been
> set up by the upstream and I would rather like to see a change in the
> upstream package then a fix for this in your diff.gz.
Really, i don't believe that's that way. There is an upstream package, a
"mediumstream" package and debian package. The "mediumstream" patch
breaks something. Maybe debian should fix what "mediumstream" has broken.
> > > > > Therefor this report should be changed to severity wishlist, which
> > > > > would be more approiate.
> > > > I believe that being so trivial to fix it, it should be changed to
> > > > fixed, not put in the wait queue.
> > > Why? You fail to give a good explanation why we should add this support
> > Options are:
> > (a) ListenAddress set: IPv4 works, IPv6 doesn't.
> > (b) ListenAddress unset: IPv4 works the very same way, IPv6 works.
> Would this cause first an IPv6 lookup for the IP and then a IPv4 lookup?
[I assume lookup = dns lookup, else i don't understand the question]
No. That's a bind(2) call. There is no dns lookup anywhere.
> > Being that there is an active IPv6 using community of Debian users, i
> > believe (b) option wins even if IPv6 support is not a near-term
> > objective for you.
> s/for you/for debian/ :)
Ok. :-)
> Well, how fast is IPv6 developed? If you think about other tols and
> there IPv6-Support you will notice that it's even worse then the support
> in openssh (especially 2.3.0p1).
Yep, but that's something I regret. I've been a debian user for more than
five years, but when i needed to work seriously with IPv6 I had to install
some BSDs (and we're FAR behind them, FBSD even allows installing over
the 6bone)
> Ciao
> Christian
HoraPe
---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
bofh@puntoar.net.ar
horape@hcdn.gov.ar
Reply to: