[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#295731: marked as done (ssh fails to bind link-scope IPv6 addresses)

Your message dated Sat, 25 Apr 2009 05:28:33 +0200
with message-id <7i1vrhpg2m.fsf@lanthane.pps.jussieu.fr>
and subject line Re: ssh fails to bind link-scope IPv6 addresses
has caused the Debian Bug report #295731,
regarding ssh fails to bind link-scope IPv6 addresses
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

295731: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295731
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Severity: important


I try to setup IPv6 on my local network. Ping6 already works but sshd refuses
to cooperate:

# sshd -d -e
debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 192.168.yyy.yyy.
Server listening on 192.168.yyy.yyy port 22.
debug1: Bind to port 22 on
Server listening on port 22.
debug1: Bind to port 22 on fe80::2xx:xxff:fexx:xxxx.
debug1: Bind to port 22 on ::1.
Server listening on ::1 port 22.

# netstat --inet6 -l -n
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:22                  :::*                    LISTEN
tcp6       0      0 ::1:953                 :::*                    LISTEN
udp6       0      0 :::1038                 :::*
raw6       0      0 :::58                   :::*                    7

# ssh -6 fe80::2xx:xxff:fexx:xxxx
ssh: connect to host fe80::2xx:xxff:fexx:xxxx port 22: Invalid argument

# ssh -6 ::1
root@::1's password:

As you can see, it has no problem with ::1 but with fe80::/64 addresses.
So what the issue? Pinging the fe80::/64 address works just fine.
Binding "::" (all local IPv6 addresses) does not work, either. Not even ::1 is
bound in this case.
There is no site local IPv6 address assigned. On another host with a site
local IPV6 address assigned from router advertisement, ssh works.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages ssh depends on:
ii  adduser                     3.59         Add and remove users and groups
ii  debconf               Debian configuration management sy
ii  dpkg                        1.10.26      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7e-2     SSL shared libraries
ii  libwrap0                    7.6.dbs-6    Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.2-3    compression library - runtime

-- debconf information:
* ssh/forward_warning:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/protocol2_only: true
  ssh/run_sshd: true
  ssh/SUID_client: true
  ssh/disable_cr_auth: false

--- End Message ---
--- Begin Message ---
Closing this bug, since, as pointed by Rémi,

1. it's the standard behaviour of scoped IPv6 addresses;
2. it's really not an ssh isue, it's an issue with the sockets API.

>> However, if the match can be unique (and that's the case in my
>> system), it IS possible to do without specifying the interface.

> I cannot agree. It would really suck when the requirement for a scope
> ID would depend on the run-time configuration of the system,

I still think that sin6_scope_id being 0 for scope 2 (which is what the
underlying API issue is) should be defined.  But that's just me.


--- End Message ---

Reply to: