Re: ssh & ipv6

From: Michael H. Warfield (mhw_at_wittsend.com)
Date: 01/07/04

  • Next message: David Diep: "RE: ssh & ipv6"
    Date: Tue, 6 Jan 2004 22:14:43 -0500
    To: David Diep <diep@sdl.hitachi.co.jp>
    
    
    

    On Tue, Jan 06, 2004 at 11:17:47AM +0900, David Diep wrote:
    > Hi,

    > I have a problem with ssh and ipv6.
    > My host has the following address fe80::200:e2ff:fe28:3a85
    > I can execute properly
    > # ssh -6 ::1
    > However when I use the host ipv6 address
    > # ssh -6 fe80::200:e2ff:fe28:3a85
    > I get an "Invalid argument" error. Do you know what my problem is?

            You are using a "Scope:Link" address (i.e. Link Local address).
    That's all of the fe80::/16 space. It's NOT guaranteed to be unique
    between subnets. Consequently, you are very restricted in what you can
    do with them. You can't even ping them unless you specify the interface
    to the ping6 command (which you can not do for ssh).

            Solution... Configure a "Scope:Global" address or "Scope:Site"
    address and use that. Scope:Site is sort of like (almost) the private IPv4
    space, it can't be routed to the global IPv6 space but it is unique within
    your space. For site local, just change the "fe80" to "fec0" in your
    address and add it to your interface configuration file on the server and on
    the client (use the correct address from each interface from ifconfig). Then
    you can connect to it from your client (assuming they are both on the same
    SLA - SLA 0 and assuming you do the same thing for the client address).
    Better yet, if you haven't already, get a global prefix, either a 6Bone
    [3ffe::/16] (yes, I know it's due to be retired - in 2006, maybe) or
    on the IPv6 production internet [2001::/16]. My network is 2001:470:104::/48.

            Check out Freenet6 <http://www.freenet6.net> for 6Bone or
    Hurricane Electric <http://www.tunnelbroker.net> (v6 Internet) for getting
    hooked up with a real prefix if you are in North America. IAC, check out
    "IPv6 Style" <http://www.ipv6style.jp> for a lot more information on getting
    started with IPv6.

            You got a bit more to cover to get up and flying with IPv6. Like you
    should NOT be using Link Local addresses for anything in user space (they're
    primarily used in the kernel and lower level protocol stuff for things like
    neighbor discovery and router solicitation. You can use them with certain
    apps, like ping6, IF you know what you are doing. But not with apps which
    don't understand what you are doing.

            IPv6 is incredibly easy to set up and get working (I do damn near
    everything over IPv6 lately) but it is not (I REPEAT - IT IS NOT) merely
    IPv4 with bigger addresses. Some things, like address scopes, are just
    not the same thing at all.

    > I am using: Linux Kernel 2.4.20 Openssl-0.9.6k Openssh-3.7.1p1

    > Best Regards,

    > David

            Mike

    -- 
     Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
      /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
      NIC whois:  MHW9      |  An optimist believes we live in the best of all
     PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
    
    



  • Next message: David Diep: "RE: ssh & ipv6"

    Relevant Pages

    • Re: [PHP] $_SERVER["REMOTE_ADDR"] returning ::1
      ... Proxies can be implemented as shared clusters such that any request going through the cluster could appear to come from one of a number of IPs (i.e. the client is not tied to a single proxy appliance). ... This is unlikely however because I believe most ISPs will do everything they can to issue a connection with the same IP when the lease expires but it's not something you can rely on. ... Request it with an IPv6 domain/IP and REMOTE_ADDR will also be IPv6. ...
      (php.general)
    • RE: ssh & ipv6
      ... recommend too for those who are interested in IPv6. ... You can't even ping them unless you specify the interface ... the client. ... apps, like ping6, IF you know what you are doing. ...
      (SSH)
    • Re: Confusion with IPv6 on Windows Server 2008
      ... Here is how I set IPv6 up on my system. ... Install the DHCP Role ... netsh interface IPv6 set interface "Local Area Connection" ... At a Vista Client ...
      (microsoft.public.windows.server.general)
    • Fwd: Fresh installation 9.1
      ... For this all the Client machines received the router advertisement. ... There are two IPv6 clients are connected to Re0 interface of FreeBSD ... Do I need to add client link local address in this above rtadvd.conf. ...
      (freebsd-questions)
    • Re: Question about Ipv6 datagram server
      ... Is the IPv6 Firewall running? ... > I have a question regarding an IPv6 datagramserver using ... > But from a different machine the client is not able to communicate to ... > it is still waiting on the recvfrom. ...
      (microsoft.public.windowsxp.network_web)