Hello all,

I just found a bug a nice bug that can be turned into a real feature on
systems (usually Linux) that are built with --with-ipv4-default.

If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and
::, sshd will error out 'address family not supported'.

However, you can work around this error by starting sshd with 'sshd -4 -6'.

As far as man page is concerned, I'm getting the impression that you
should be able to use only -4 or -6, not both.

--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

On Mon, 5 Mar 2001, Pekka Savola wrote:

> Hello all,
>
> I just found a bug a nice bug that can be turned into a real feature on
> systems (usually Linux) that are built with --with-ipv4-default.
>
> If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and
> ::, sshd will error out 'address family not supported'.
>
> However, you can work around this error by starting sshd with 'sshd -4 -6'.
>
> As far as man page is concerned, I'm getting the impression that you
> should be able to use only -4 or -6, not both.

Please disregard "the hack". It doesn't work after all. My eyes betrayed me
and I wasn't caffeinated. :-)

Still, it would be very nice to get sshd to bind to both address families
with ipv4-default.

--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

On Mon, 5 Mar 2001, Pekka Savola wrote:

> Hello all,
>
> I just found a bug a nice bug that can be turned into a real feature on
> systems (usually Linux) that are built with --with-ipv4-default.
>
> If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and
> ::, sshd will error out 'address family not supported'.
>
> However, you can work around this error by starting sshd with 'sshd -4 -6'.
>
> As far as man page is concerned, I'm getting the impression that you
> should be able to use only -4 or -6, not both.

It may be that the reason for the hack has been fixed. Can someone with a
recent Linux kernel with IPv6 compiled in (or module loaded) build OpenSSH
without the --with-ipv4-default hack and see whether it still waits ages
for nameserver lookups at connect?

-d

--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org             /   distributed filesystem'' - Dan Geer