
Re: ssh: default configuration breaks IPv6



Hello!

> > Package: ssh
> > Version: 2.2.0p1-1.1
> > Severity: important

> > /etc/ssh/sshd.conf has the line:

> > ListenAddress 0.0.0.0

> > This avoids ssh listening on IPv6 addresses. If the admin does not want to restrict
> > ssh to IPv4 clients, there should not be any ListenAddress directive (using ::1
> > would break IPv4, having no ListenAddress directive sshd binds to ::1 if the
> > host is IPv6-capable or 0.0.0.0 else)

> Please keep in mind that IPv6 is not a target of the forthcoming Debian
> release and so this will not be changed now.

Why force sshd to work only on IPv4? ListenAddress should be used only if
you want to restrict the addresses to listen on. It should not be used in
default configurations.

Notice that the bug report is against Version 2.2.0p1-1.1, that's in unstable.
So it's not the version to be released that has to change.

BTW, while I am not able to track the original openssh 2.2.0p1 (that's my biggest
gripe against the Debian packaging system, where are the .orig from? only the
maintainer knows), I've noticed that in Jan/2000 the bug I'm reporting was
corrected in the openssh main development line.

> Also you, as the admin, are
> free to exchange the following two lines in your sshd_config file, if
> you really want to use IPv6:

> |ListenAddress 0.0.0.0
> |#ListenAddress ::

That's not a solution, because on IPv4-only machines ListenAddress :: doesn't
work.

> Therefore this report should be changed to severity wishlist, which would be
> more appropriate.

I believe that, being so trivial to fix, it should be changed to fixed, not
put in the wait queue.

> Ciao
>      Christian

					HoraPe
---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
bofh@puntoar.net.ar
horape@hcdn.gov.ar
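
An added example, not part of the original message or of the Debian package: a Python check that reads sshd_config text and reports which address families its active ListenAddress lines pin sshd to, so a shipped default like the one discussed above can be flagged. Function names and sample configs are constructed here; hostnames are reported as "unknown" on the assumption that their family depends on name resolution.

```python
import ipaddress

# Constructed samples: the default quoted in the thread, and a file with no active directive.
SHIPPED_DEFAULT = "Port 22\nListenAddress 0.0.0.0\n#ListenAddress ::\n"
NO_DIRECTIVE = "Port 22\n#ListenAddress 0.0.0.0\n"

def listen_families(config_text):
    """Return the set of families ('inet', 'inet6', 'unknown') named by active
    ListenAddress lines, or None when there is no such line and sshd is left
    to pick its own default."""
    families = set()
    seen = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        parts = line.replace("=", " ", 1).split()  # "Keyword value" or "Keyword=value"
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue
        seen = True
        host = parts[1]
        if host.startswith("["):                   # [addr]:port
            host = host[1:].split("]", 1)[0]
        elif host.count(":") == 1:                 # addr:port (a bare IPv6 has 2+ colons)
            host = host.rsplit(":", 1)[0]
        try:
            version = ipaddress.ip_address(host).version
        except ValueError:
            families.add("unknown")                # hostname: family decided at resolve time
            continue
        families.add("inet" if version == 4 else "inet6")
    return families if seen else None

def pinned_to_ipv4(config_text):
    """True when explicit ListenAddress lines leave sshd on IPv4 only."""
    return listen_families(config_text) == {"inet"}

if __name__ == "__main__":
    for name, cfg in (("shipped default", SHIPPED_DEFAULT), ("no directive", NO_DIRECTIVE)):
        print(name, "->", listen_families(cfg), "IPv4-only:", pinned_to_ipv4(cfg))
```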


