I've tried to get OpenSSH_3.7.1p2 to work over IPv6 under AIX 5.1.0 and 5.2.0 without success. If I configure sshd to listen to an IPv6 address it will take the uppermost 32 bits of the IPv6 address and interpret it as an IPv4 address.

sshd_config:
------------
ListenAddress [2001:6b0:b:1::133]
ListenAddress 130.238.4.133
ListenAddress 172.17.1.2

$ /usr/nbin/sshd -d -d -d
debug2: read_server_config: filename /usr/libdata/etc/sshd_config
debug1: sshd version OpenSSH_3.7.1p2
debug3: Not a RSA1 key file /usr/libdata/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
debug1: Bind to port 22 on 172.17.1.2.
Server listening on 172.17.1.2 port 22.
debug1: Bind to port 22 on 130.238.4.133.
Server listening on 130.238.4.133 port 22.
debug1: Bind to port 22 on 32.1.6.176.
Bind to port 22 on 32.1.6.176 failed: Can't assign requested address.

--
Anders Liljegren
Mail: IT-stöd, Uppsala universitet
Phone: +46 18 4717751
Box 887
Fax: +46 18 4717725
SE-751 08 UPPSALA
mailto:anders.liljegren at its.uu.se
Sweden
mailto:anders.liljegren at minicall.uu.se (<130 chars, end with empty line)
http://www.anst.uu.se/andelilj

Anders Liljegren wrote:
> I've tried to get OpenSSH_3.7.1p2 to work over IPv6 under AIX 5.1.0 and
> 5.2.0 without success. If I configure sshd to listen to an IPv6 address
> it will take the uppermost 32 bits of the IPv6 address and interpret it
> as an IPv4 address.

Currently configure will define BROKEN_GETADDRINFO (see config.h) for all AIX versions, which will cause the built-in getaddrinfo-family replacement functions to be used. Those support IPv4 only.

Attempting to use AIX's functions will cause sshd to not work at all:

debug1: private host key: #2 type 2 DSA
getnameinfo failed
getnameinfo failed
Cannot bind any address.

Adding some code to print an error for the failure gives:

getnameinfo failed: Invalid argument
getnameinfo failed: Invalid argument

I don't know why AIX's getnameinfo doesn't work. I did a quick search of the AIX APARs last time I looked at this but didn't turn up anything.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Darren Tucker <dtucker at zip.com.au> writes:
>> I've tried to get OpenSSH_3.7.1p2 to work over IPv6 under AIX 5.1.0
>> and 5.2.0 without success. If I configure sshd to listen to an IPv6
>> address it will take the uppermost 32 bits of the IPv6 address and
>> interpret it as an IPv4 address.
>
> Currently configure will define BROKEN_GETADDRINFO (see config.h) for
> all AIX versions, which will cause the built-in getaddrinfo-family
> replacement functions to be used. Those support IPv4 only.
>
> Attempting to use AIX's functions will cause sshd to not work at all:
>
> debug1: private host key: #2 type 2 DSA
> getnameinfo failed
> getnameinfo failed
> Cannot bind any address.
>
> Adding some code to print an error for the failure gives:
> getnameinfo failed: Invalid argument
> getnameinfo failed: Invalid argument
>
> I don't know why AIX's getnameinfo doesn't work. I did a quick search
> of the AIX APARs last time I looked at this but didn't turn up
> anything.

I've now looked into this and it seems this is an error that occurs when one passes NULL as the nodename to getaddrinfo, which will cause it to return a faulty struct sockaddr (this happens if there are no ListenAddress-directives in the configuration). [I'll try to figure out how to report this to IBM.]

Apart from that, there seem to be no more problems with using the system's getaddrinfo (meaning everything seems fine as long as I specify some ListenAddress, including 0.0.0.0 or ::).

I'll continue testing. If there's no more problem than this, I think a wrapper or some other workaround that allows the use of v6 to be rather desirable.

cheers
/Pontus

(I've tested using getaddrinfo on 5.1ML5, 5.1ML1, 4.3.3ML10 and 5.2ML2)

--
Pontus Sköld, see <URL:http://soua.net/> for more information.
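
A sketch of the kind of wrapper the last message asks for, added here as an example; it is not code from the thread or from OpenSSH. It assumes the behaviour reported above (a NULL nodename yields an unusable sockaddr, while the literals `::` and `0.0.0.0` work); the names `resolve_listen`, `add_addrs`, `sockaddr_is_sane` and `struct listen_addr` are hypothetical.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

struct listen_addr { struct sockaddr_storage sa; socklen_t len; };

/* 1 if getnameinfo() can render the address numerically; this is the call
 * that fails with "Invalid argument" in the thread above. */
static int sockaddr_is_sane(const struct sockaddr *sa, socklen_t len)
{
    char host[128], serv[16];
    return getnameinfo(sa, len, host, sizeof(host), serv, sizeof(serv),
                       NI_NUMERICHOST | NI_NUMERICSERV) == 0;
}

/* Resolve one nodename, append usable results to out[], return new count. */
static int add_addrs(const char *node, const char *port, int flags,
                     struct listen_addr *out, int n, int max)
{
    struct addrinfo hints, *res, *ai;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;        /* accept both IPv4 and IPv6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE | flags;
    if (getaddrinfo(node, port, &hints, &res) != 0)
        return n;                       /* family unsupported: keep going */
    for (ai = res; ai != NULL && n < max; ai = ai->ai_next) {
        if (ai->ai_addrlen > sizeof(out[n].sa) ||
            !sockaddr_is_sane(ai->ai_addr, ai->ai_addrlen))
            continue;                   /* drop a faulty sockaddr */
        memcpy(&out[n].sa, ai->ai_addr, ai->ai_addrlen);
        out[n++].len = ai->ai_addrlen;
    }
    freeaddrinfo(res);
    return n;
}

/* Hypothetical wrapper: never hands a NULL nodename to getaddrinfo().
 * With no ListenAddress (node == NULL) it asks for both wildcards by name. */
int resolve_listen(const char *node, const char *port,
                   struct listen_addr *out, int max)
{
    int n;
    if (node != NULL)
        return add_addrs(node, port, 0, out, 0, max);
    n = add_addrs("::", port, AI_NUMERICHOST, out, 0, max);
    return add_addrs("0.0.0.0", port, AI_NUMERICHOST, out, n, max);
}
```

Checking `ss_family` on each returned entry before binding also catches the original symptom, where `2001:6b0:b:1::133` came back as the IPv4 address 32.1.6.176.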