Re: ssh & ipv6

From: Mike Manomohan (MIke.Manomohan_at_noaa.gov)
Date: 01/07/04

    Date: Wed, 07 Jan 2004 08:12:44 -0500
    To: "Michael H. Warfield" <mhw@wittsend.com>
    
    

    Where (url, white paper) can I get a good technical/managerial review of
    comparison between ssl, ssh, and vpn technologies/protocols in relation to their
    strengths and weaknesses?
    Mike

    "Michael H. Warfield" wrote:

    > On Tue, Jan 06, 2004 at 11:17:47AM +0900, David Diep wrote:
    > > Hi,
    >
    > > I have a problem with ssh and ipv6.
    > > My host has the following address fe80::200:e2ff:fe28:3a85
    > > I can execute properly
    > > # ssh -6 ::1
    > > However when I use the host ipv6 address
    > > # ssh -6 fe80::200:e2ff:fe28:3a85
    > > I get an "Invalid argument" error. Do you know what my problem is?
    >
    > You are using a "Scope:Link" address (i.e. Link Local address).
    > That's all of the fe80::/16 space. It's NOT guaranteed to be unique
    > between subnets. Consequently, you are very restricted in what you can
    > do with them. You can't even ping them unless you specify the interface
    > to the ping6 command (which you can not do for ssh).
    >
    > Solution... Configure a "Scope:Global" address or "Scope:Site"
    > address and use that. Scope:Site is sort of like (almost) the private IPv4
    > space, it can't be routed to the global IPv6 space but it is unique within
    > your space. For site local, just change the "fe80" to "fec0" in your
    > address and add it to your interface configuration file on the server and on
    > the client (use the correct address from each interface from ifconfig). Then
    > you can connect to it from your client (assuming they are both on the same
    > SLA - SLA 0 and assuming you do the same thing for the client address).
    > Better yet, if you haven't already, get a global prefix, either a 6Bone
    > [3ffe::/16] (yes, I know it's due to be retired - in 2006, maybe) or
    > on the IPv6 production internet [2001::/16]. My network is 2001:470:104::/48.
    >
    > Check out Freenet6 <http://www.freenet6.net> for 6Bone or
    > Hurricane Electric <http://www.tunnelbroker.net> (v6 Internet) for getting
    > hooked up with a real prefix if you are in North America. IAC, check out
    > "IPv6 Style" <http://www.ipv6style.jp> for a lot more information on getting
    > started with IPv6.
    >
    > You got a bit more to cover to get up and flying with IPv6. Like you
    > should NOT be using Link Local addresses for anything in user space (they're
    > primarily used in the kernel and lower level protocol stuff for things like
    > neighbor discovery and router solicitation). You can use them with certain
    > apps, like ping6, IF you know what you are doing. But not with apps which
    > don't understand what you are doing.
    >
    > IPv6 is incredibly easy to set up and get working (I do damn near
    > everything over IPv6 lately) but it is not (I REPEAT - IT IS NOT) merely
    > IPv4 with bigger addresses. Some things, like address scopes, are just
    > not the same thing at all.
    >
    > > I am using: Linux Kernel 2.4.20 Openssl-0.9.6k Openssh-3.7.1p1
    >
    > > Best Regards,
    >
    > > David
    >
    > Mike
    > --
    > Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
    > /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
    > NIC whois: MHW9 | An optimist believes we live in the best of all
    > PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
    >

    --
    Regards,
    Mike Manomohan
    Security Analyst
    301-713-1360 ext 122 (W)
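
The scope distinction discussed in the quoted reply, as an added example that is not part of either message: it classifies a target address by scope, flags a link-local address that carries no interface (zone) suffix, and applies the suggested fe80-to-fec0 rewrite. The `%eth0` zone name and the host `2001:470:104::1` are constructed sample values; site-local addressing was later deprecated by RFC 3879.

```python
import ipaddress


def classify_target(target):
    """Return (scope, zone, unambiguous) for an IPv6 target string.

    'unambiguous' is False for a link-local address given without a
    %zone suffix: the address alone does not say which interface to use.
    """
    host, _, zone = target.partition("%")
    addr = ipaddress.IPv6Address(host)
    if addr.is_loopback:
        scope = "loopback"
    elif addr.is_multicast:
        scope = "multicast"
    elif addr.is_link_local:
        scope = "link"
    elif addr.is_site_local:
        scope = "site"
    else:
        scope = "global"
    unambiguous = scope != "link" or bool(zone)
    return scope, zone or None, unambiguous


def link_to_site_local(target):
    """Swap the fe80 prefix for fec0 (SLA 0), keeping the interface ID."""
    host = target.partition("%")[0]
    addr = ipaddress.IPv6Address(host)
    if not addr.is_link_local:
        raise ValueError("not a link-local address: %s" % host)
    # Low 64 bits are the interface identifier; the top 16 bits become fec0.
    iface_id = int(addr) & ((1 << 64) - 1)
    return str(ipaddress.IPv6Address((0xFEC0 << 112) | iface_id))


if __name__ == "__main__":
    # Constructed sample targets; the first two are the addresses from the thread.
    samples = [
        "::1",
        "fe80::200:e2ff:fe28:3a85",
        "fe80::200:e2ff:fe28:3a85%eth0",
        "2001:470:104::1",
    ]
    for t in samples:
        print(t, classify_target(t))
    print(link_to_site_local("fe80::200:e2ff:fe28:3a85"))
```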
    
