[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh and ipv6



Jeremy T. Bouse writes:

 > 	Again I'll take a look at the bug reports in between trying to get
 > my bugs clear'd against my packages and let you know personally my findings
 > related to them...

Thanks. I'm thinking of #82468, #95576 and co - I include the text of
the bug report I filed, for reference:

ssh-ing to this system from elsewhere (with Xforwarding disabled,
causes the ssh  session to die, and drop the following to syslog:

(for reference, this is in get_sock_port in canohost.c)

get_sock_port: getnameinfo NI_NUMERICSERV failed

Strace shows this is getting error -6 back (EAI_FAMILY), which is
address family not recognised, or the address length was invalid for
the specified family.

This is because sshd is using IPV6 addresses, and so gets an IPV6
address back from getpeername(), which it then immediatly passes to
get_sock_port, which returns EAI_FAMILY (i.e. it can't deal with
IPV6), and sshd then dies.

passing the -4 option to sshd fixes this (forcing the use of IPV4
address), but this is clearly a workaround, not a solution.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org



Reply to: