
Re: Bug#80503: ssh: default configuration breaks IPv6



Hello!

> > > OpenSSH provides the admin a well-chosen default (that's activated when
> > > no ListenAddress directive is present). I don't understand why D.Miller has
> > > changed it.
> > Well, maybe we will find it out. :)

>  AFAIK if the DNS ipv6 reverse lookup times out then the entire
> reverse lookup times out (either way you have to wait for it), this
> was certainly a feature of older glibc releases (older may mean before
> 2.2.0 as well).

What reverse lookup? Why does sshd need to do that reverse lookup?

(BTW, strace'ing sshd, there is no reverse lookup done. And when the connection
is established, the reverse lookup would be determined by the host connecting
to our server, i.e., if it uses ipv6 the reverse lookup will be on the ipv6
address and if ipv4 on the ipv4 address, yet just one reverse lookup and not
two.)

> > > No. That's a bind(2) call. There is no dns lookup anywhere.
> > Are you sure? I think there's also a dns-lookup involved as otherwise
> > you won't know the IP-address of the host that ssh should connect to.
>  The listen address does just influence the bind() call (or should),
> but if sshd is listening on the ipv6 port then it'll try ipv6 lookups
> ... which is the problem.

If the connection is made using IPv4, the reverse lookup could only be done
on the ipv4 address of the client.

> # James Antill -- james@and.org

					HoraPe
---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
bofh@puntoar.net.ar
horape@hcdn.gov.ar


