[Bug 2606] New: IPv6 bind address vs autoconfiguration privacy
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Aug 19 11:49:13 AEST 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2606
Bug ID: 2606
Summary: IPv6 bind address vs autoconfiguration privacy
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: djm at mindrot.org
from
https://github.com/wertarbyte/openssh-portable/commit/028bb9a90bef340f3afe0fca35cb747ac9e634a2
add config option to select the type of IPv6 address
When using IPv6 autoconfiguration, the IP address is deducted using the
unique
hardware address of the network card and the announced network prefix.
Since
this might lead to privacy issues, most operating systems generate
pseudo-random addresses that are rotated in regular intervals.
This can be a problem for long-running connections if a address is
invalidated
while still in use - the connection "hangs". Even though expired
addresses are
usually retained for a long timeframe to prevent this, accidental dis-
and
reconnection (e.g. when using a wireless network) flushes the list of
previously used addresses.
By setting appropiate socket options, the kernel can be instructed to
use the
public (and static) source address for the outgoing connection. This
change
implements this functionality for SSH, adding a configuration option
"Ipv6BindPref" that can be set to "pub(lic)", "t(e)mp" or just "none"
(which is
the default), indicating the preference for the address to be used.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching the reporter of the bug.
More information about the openssh-bugs
mailing list