GNU bug report logs - #55335
openssh-service no longer listens on IPv6

Previous Next

Package: guix;

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Mon, 9 May 2022 10:46:01 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Christopher Baines <mail <at> cbaines.net>
Subject: bug#55335: closed (Re: bug#55335: openssh-service no longer
 listens on IPv6)
Date: Sun, 22 May 2022 20:09:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#55335: openssh-service no longer listens on IPv6

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 55335 <at> debbugs.gnu.org.

-- 
55335: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=55335
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: 55335-done <at> debbugs.gnu.org, Christopher Baines <mail <at> cbaines.net>, Jack
 Hill <jackhill <at> jackhill.us>
Subject: Re: bug#55335: openssh-service no longer listens on IPv6
Date: Sun, 22 May 2022 22:08:46 +0200

Hello!

With Shepherd 0.9.1 released, I believe Guix commit
d2b3400f79ffaed3357650307376ab69a7ec3b1b fixes this bug for good, also
adding a system test for SSH access over IPv6 (both with OpenSSH and
Dropbear).

Let me know if anything’s amiss!

Thanks,
Ludo’.


[Message part 3 (message/rfc822, inline)]
From: Christopher Baines <mail <at> cbaines.net>
To: bug-guix <at> gnu.org
Subject: openssh-service no longer listens on IPv6
Date: Mon, 09 May 2022 11:39:47 +0100

[Message part 4 (text/plain, inline)]
This looks to be a recent regression, probably connected with the
shepherd now doing the listening, rather than sshd itself.

Previously, you could use both IPv4 and IPv6.

  netstat -tlnp | grep sshd
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      26683/sshd: /gnu/st
  tcp6       0      0 :::22                   :::*                    LISTEN      26683/sshd: /gnu/st

Now though, it looks like with shepherd doing the listening, you can
only use IPv4.

  netstat -tlnp | grep 22
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/guile


On an affected machine, you can reproduce this by trying to SSH over v6.

  cbaines <at> lakeside ~$ ssh 127.0.0.1
  The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
  ED25519 key fingerprint is SHA256:1wV7w84awrGv5ilP5e8k5ygIvSkXSJ6LIy3MnqZG2Jw.
  This key is not known by any other names
  Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C

  cbaines <at> lakeside ~$ ssh ::1
  ssh: connect to host ::1 port 22: Connection refused


This isn't an issue if you're not using IPv6, but if you have a machine
only accessible via IPv6, then you can't ssh in. The main workaround
I've found is getting access via other means, then starting sshd
listening on a different port (as the shepherd is using 22).

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 2 years and 359 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.