bugzilla-daemon at bugzilla.mindrot.org
2016-May-31 14:34 UTC
[Bug 2578] New: -W should honor -4 and -b
bugzilla.mindrot.org/show_bug.cgi?id=2578 Bug ID: 2578 Summary: -W should honor -4 and -b Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: mh+openssh-bugzilla at zugschlus.de Hi, ssh -W should honor -4 and -b options given on the same command line. In practice, ssh -4 -W host:port will use IPv6 if host has an AAAA and an A record, and ssh -b valid.ipv4.address -W host:port will give "address family not supported" error if host has an AAAA and an A record. Greetings Marc -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jun-01 00:37 UTC
[Bug 2578] -W should honor -4 and -b
bugzilla.mindrot.org/show_bug.cgi?id=2578 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #1 from Darren Tucker <dtucker at zip.com.au> --- (In reply to Marc 'Zugschlus' Haber from comment #0)> ssh -W should honor -4 and -b options given on the same command line.It does. They apply to the connection from the client to the server as they always do. $ ifconfig enp5s0 enp5s0: [...] inet 192.168.32.1 $ ssh -b 192.168.32.1 -4 -W server:22 server SSH-2.0-OpenSSH_7.2 $ ssh -b 192.168.32.2 -4 -W server:22 server bind: 192.168.32.2: Cannot assign requested address ssh: connect to host server port 22: Cannot assign requested address> In practice, ssh -4 -W host:port will use IPv6 if host has an AAAA > and an A recordThe client sends the hostname to the server which then resolves it, so that's dependent on name resolution config on the server side.> and ssh -b valid.ipv4.address -W host:port will > give "address family not supported" error if host has an AAAA and an > A record.A valid IPv4 address on the server or the client? It should be on the client. Anyway, as to the enhancement request: we couldn't use -4/-6 or -b for this since they already have meaning in this case. For the IPv4 or IPv6 cases you can already resolve the address on the client side and pass the address to connect to on the command line, eg: $ ssh -4 -W "[fe80::5054:ff:fef6:2ea%vio0]:22" server SSH-2.0-OpenSSH_7.2 We could potentially add something to the client to allow the resolution on the client side although I am not convinced it's worth doing. What is your use case for it? For the remote bindaddress case I don't think it's possible at all since there's nothing in the protocol message to specify a bind addresses for forward connections (see RFC4254 section 7.2). -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla.mindrot.org/show_bug.cgi?id=2578 Antenore Gatta <antenore at simbiosi.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |antenore at simbiosi.org --- Comment #2 from Antenore Gatta <antenore at simbiosi.org> --- (In reply to Darren Tucker from comment #1)> For the remote bindaddress case I don't think it's possible at all > since there's nothing in the protocol message to specify a bind > addresses for forward connections (see RFC4254 section 7.2).Isn?t it ?string originator IP address? the bind address? My use case is simpler than the one described by OP. I have a JumpHost with 2 network interface, the default network interface is used only to connect to some specific servers, all the others uses the secondary network interfecase and I accomplish this with BindAddress in the ssh_config file. Unfortunately this doesn?t work with ProxyCommand and ProxyJump. Any alternatives to this if it cannot be implemented? Thanks! -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 172] Add multiple AuthorizedKeyFiles options
- OT: systemd Poll
- [Bug 3161] New: ssh -J <public IPv6> <LL IPv6%scopeID> doesn't work as expected
- [Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
- /bin/nmcli and connection names