Re: ssh & ipv6

From: Michael H. Warfield
Date: 01/07/04

    Date: Tue, 6 Jan 2004 22:14:43 -0500
    To: David Diep

    On Tue, Jan 06, 2004 at 11:17:47AM +0900, David Diep wrote:
    > Hi,

    > I have a problem with ssh and ipv6.
    > My host has the following address fe80::200:e2ff:fe28:3a85
    > I can execute properly
    > # ssh -6 ::1
    > However when I use the host ipv6 address
    > # ssh -6 fe80::200:e2ff:fe28:3a85
    > I get an "Invalid argument" error. Do you know what my problem is?

            You are using a "Scope:Link" address (i.e. Link Local address).
    That's all of the fe80::/16 space. It's NOT guaranteed to be unique
    between subnets. Consequently, you are very restricted in what you can
    do with them. You can't even ping them unless you specify the interface
    to the ping6 command (which you can not do for ssh).

            Solution... Configure a "Scope:Global" address or "Scope:Site"
    address and use that. Scope:Site is sort of like (almost) the private IPv4
    space, it can't be routed to the global IPv6 space but it is unique within
    your space. For site local, just change the "fe80" to "fec0" in your
    address and add it to your interface configuration file on the server and on
    the client (use the correct address from each interface from ifconfig). Then
    you can connect to it from your client (assuming they are both on the same
    SLA - SLA 0 and assuming you do the same thing for the client address).
    Better yet, if you haven't already, get a global prefix, either a 6Bone
    [3ffe::/16] (yes, I know it's due to be retired - in 2006, maybe) or
    on the IPv6 production internet [2001::/16]. My network is 2001:470:104::/48.

            Check out Freenet6 for 6Bone or
    Hurricane Electric (v6 Internet) for getting
    hooked up with a real prefix if you are in North America. IAC, check out
    "IPv6 Style" for a lot more information on getting
    started with IPv6.

            You got a bit more to cover to get up and flying with IPv6. Like you
    should NOT be using Link Local addresses for anything in user space (they're
    primarily used in the kernel and lower level protocol stuff for things like
    neighbor discovery and router solicitation). You can use them with certain
    apps, like ping6, IF you know what you are doing. But not with apps which
    don't understand what you are doing.

            IPv6 is incredibly easy to set up and get working (I do damn near
    everything over IPv6 lately) but it is not (I REPEAT - IT IS NOT) merely
    IPv4 with bigger addresses. Some things, like address scopes, are just
    not the same thing at all.

    > I am using: Linux Kernel 2.4.20 Openssl-0.9.6k Openssh-3.7.1p1

    > Best Regards,

    > David
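
Added example, not part of the original message: the scope rules discussed in the reply, checked with Python's standard `ipaddress` module, including the "change fe80 to fec0" derivation. The function names, the `%zone` suffix handling, the `eth0` interface name and the sample host address inside 2001:470:104::/48 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the host address from the question above.
LINK_LOCAL = "fe80::200:e2ff:fe28:3a85"

def split_zone(text):
    """Split 'address%zone' into (IPv6Address, zone or None)."""
    addr, _, zone = text.partition("%")
    return ipaddress.IPv6Address(addr), zone or None

def scope_of(addr):
    """Name the scope the way ifconfig labels it (Host/Link/Site/Global)."""
    if addr.is_loopback:
        return "Host"
    if addr.is_link_local:      # ipaddress tests fe80::/10 (RFC 4291)
        return "Link"
    if addr.is_site_local:      # fec0::/10, later deprecated by RFC 3879
        return "Site"
    if addr.is_multicast or addr.is_unspecified:
        return "Other"
    return "Global"

def check_target(text):
    """Return (usable, detail) for a client that hands this literal to connect()."""
    addr, zone = split_zone(text)
    scope = scope_of(addr)
    if scope == "Link" and zone is None:
        # The same prefix exists on every link, so the stack cannot choose an
        # interface; Linux connect() rejects this with EINVAL.
        return False, "Scope:Link needs an interface (zone)"
    return True, "Scope:" + scope

def to_site_local(text, sla=0):
    """Keep the 64-bit interface ID, replace the fe80 prefix with fec0 + SLA."""
    addr, _ = split_zone(text)
    if not addr.is_link_local:
        raise ValueError("expected a link-local address")
    if not 0 <= sla <= 0xFFFF:
        raise ValueError("SLA must fit in 16 bits")
    interface_id = int(addr) & ((1 << 64) - 1)
    return ipaddress.IPv6Address((0xFEC0 << 112) | (sla << 64) | interface_id)

if __name__ == "__main__":
    # 2001:470:104::1 is a constructed host address inside the prefix quoted above.
    for target in ("::1", LINK_LOCAL, LINK_LOCAL + "%eth0",
                   str(to_site_local(LINK_LOCAL)), "2001:470:104::1"):
        print(target, check_target(target))
```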


