Red Hat Bugzilla – Bug 30327
openssh-server-2.5.1p1-2.i386.rpm doesn't include IPv6 support
Last modified: 2008-05-01 11:37:59 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.1-0.1.14 i686; en-US; 0.8)
When I try to allow sshd to bind to listen on IPv6 by uncommenting
I get the error
fatal: bad addr or host: :: (Address family for hostname not supported)
Steps to Reproduce:
1. Install Wolverine w/ openssh and openssh-server packages
2. Install openssh-server-2.5.1p1-2.i386.rpm via up2date
3. Uncomment the ListenAddress :: line in /etc/sshd_config
4. Run /etc/rc.d/init.d/sshd start
Actual Results: I get the error fatal: bad addr or host: :: (Address
family for hostname not supported)
Expected Results: sshd should start and bind to both IPv4 and IPv6 stacks.
Wolverine is Red Hat's first real IPv6 ready distribution. As such, all
applications within Wolverine that CAN support IPv6 should be compiled with
that support turned on.
Some support is compiled in, but Linux glibc (at least until recently, not sure if this is still the case)
doesn't handle the situation where you can use both too gracefully, so it has to be compiled with --with-ipv4-default.
You can still start sshd with '-6' option, but then it can't handle IPv4.
Leaving out --with-ipv4-default creates some grief for IPv4-only users.
Personally, I'd like to be able to bind sshd to both ipv4 and ipv6.
Perhaps in the interim (until compiling without --with-ipv4-default becomes a
viable option), we can just modify the init.d script to detect if
NETWORKING_IPV6="yes" and if so, include the -6 switch? That seems a simple
A problem is that '-6' uses _only_ IPv6, not both.. :-/
Have you actually verified that? When I was playing around w/ IPv6 on fisher, I
had a single instance of sshd running that was listening on port 22 of both v4
and v6 stacks. If memory serves, I had the -6 switch and the ListenAddress ::
line uncommented. I could be mistaken on how I did it, but I know I did it.
Another option, however would be to have the init script start two instances of
sshd, one w/ the -6 switch, one w/o.
If you comment out _all_ ListenAddress lines, and start sshd with 'sshd -4 -6', it appears to work.
This is a bug, but it works ;-)
Actually, you don't need to comment out anything, plain 'sshd -4 -6'
will also work.
/etc/sysconfig/sshd option processing should be added, like
how it has been done with syslogd, bind, etc. for the upcoming
Bah. I'm sure ;-) I got it to work for a moment, but now it refuses to
do that. Oh well..
I've encountered this with other daemons too, now. I believe the kernel has to be patched for this to work.
In USAGI kernel, the keyword is "CONFIG_IPV6_DOUBLE_BIND".
.. but including /etc/sysconfig/sshd might be a way to get around the problem for a short while.
I'm able to enable openssh for IPv6 rather easily with the attached patch by adding:
to /etc/sysconfig/sshd. IPv4 connections originate from IPv4-mapped addresses, but that's no problem.
Note: you must build sshd against updated tcp_wrappers to be able to use this effectively (see: #35648).
Updated openssh and tcp_wrappers packages are available at http://www.netcore.fi/pekkas/linux/ipv6/
Created attachment 15365
common method for providing options for init.d scripts
All the required hooks are in place in Rawhide openssh-2.9p1-2. Thanks!
(Naturally, OpenSSH must be rebuilt against tcp_wrappers which supports IPv6, also in Rawhide, to be effective
but this will happen sooner or later so no sweat)
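
The thread notes that once sshd listens on a dual-stack socket, IPv4 clients show up as IPv4-mapped addresses and the access-control layer has to understand IPv6. The following is an added example, not code from this bug report, OpenSSH or tcp_wrappers: it shows a hypothetical address-based allow check missing such peers unless the address is normalised first. The function names and the 192.0.2.0/24 allow list are constructed for illustration.

```python
import ipaddress
import socket

# Constructed allow list (documentation range), standing in for an IPv4-only rule.
ALLOW = [ipaddress.ip_network("192.0.2.0/24")]

def normalize_peer(addr):
    """Map ::ffff:a.b.c.d to a.b.c.d; return any other address unchanged."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop a zone id if present
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def allowed(peer, allow_nets, normalize=True):
    """Hypothetical allow check; normalize=False models an IPv6-unaware matcher."""
    ip = normalize_peer(peer) if normalize else ipaddress.ip_address(peer)
    return any(ip.version == net.version and ip in net for net in allow_nets)

def dual_stack_peer():
    """Listen on [::] with IPV6_V6ONLY off, connect over IPv4 loopback and
    return the peer string the listener sees (None if IPv6 is unavailable)."""
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None
    with srv:
        try:
            srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
            srv.settimeout(2)
            srv.bind(("::", 0))
            srv.listen(1)
            port = srv.getsockname()[1]
            with socket.create_connection(("127.0.0.1", port), timeout=2):
                conn, peer = srv.accept()
                conn.close()
                return peer[0]
        except OSError:
            return None

if __name__ == "__main__":
    print("peer seen by dual-stack listener:", dual_stack_peer())
    mapped = "::ffff:192.0.2.10"  # constructed IPv4-mapped peer
    print("raw match:       ", allowed(mapped, ALLOW, normalize=False))
    print("normalised match:", allowed(mapped, ALLOW))
```
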