[Bug 2606] New: IPv6 bind address vs autoconfiguration privacy

bugzilla-daemon at bugzilla.mindrot.org
Fri Aug 19 11:49:13 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2606

            Bug ID: 2606
           Summary: IPv6 bind address vs autoconfiguration privacy
           Product: Portable OpenSSH
           Version: -current
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: djm at mindrot.org

from
https://github.com/wertarbyte/openssh-portable/commit/028bb9a90bef340f3afe0fca35cb747ac9e634a2

add config option to select the type of IPv6 address

When using IPv6 autoconfiguration, the IP address is deducted using the
unique hardware address of the network card and the announced network
prefix. Since this might lead to privacy issues, most operating systems
generate pseudo-random addresses that are rotated in regular intervals.

This can be a problem for long-running connections if an address is
invalidated while still in use - the connection "hangs". Even though
expired addresses are usually retained for a long timeframe to prevent
this, accidental dis- and reconnection (e.g. when using a wireless
network) flushes the list of previously used addresses.

By setting appropriate socket options, the kernel can be instructed to
use the public (and static) source address for the outgoing connection.
This change implements this functionality for SSH, adding a configuration
option "Ipv6BindPref" that can be set to "pub(lic)", "t(e)mp" or just
"none" (which is the default), indicating the preference for the address
to be used.

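One way to express the socket-option mechanism described in the commit message on Linux, as an added example that is not taken from the linked commit or from OpenSSH: the RFC 5014 option IPV6_ADDR_PREFERENCES is set on the socket before connect(). The helper names and the accepted spellings ("pub"/"public", "tmp"/"temp", "none") are assumptions derived from the option values quoted above; the fallback constants are the Linux values.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Fallbacks for libcs that do not expose the RFC 5014 names (Linux values). */
#ifndef IPV6_ADDR_PREFERENCES
#define IPV6_ADDR_PREFERENCES 72
#endif
#ifndef IPV6_PREFER_SRC_TMP
#define IPV6_PREFER_SRC_TMP 0x0001
#endif
#ifndef IPV6_PREFER_SRC_PUBLIC
#define IPV6_PREFER_SRC_PUBLIC 0x0002
#endif

/* Hypothetical parser for the option value; returns -1 on unknown input. */
int parse_bind_pref(const char *s)
{
    if (s == NULL) return -1;
    if (!strcmp(s, "none")) return 0;
    if (!strcmp(s, "pub") || !strcmp(s, "public")) return IPV6_PREFER_SRC_PUBLIC;
    if (!strcmp(s, "tmp") || !strcmp(s, "temp")) return IPV6_PREFER_SRC_TMP;
    return -1;
}

/* Call before connect(): the kernel picks the source address at connect time.
 * "none" (0) leaves the system default in place, so privacy addresses keep
 * being used unless the user explicitly asks for the public address. */
int apply_bind_pref(int fd, int pref)
{
    int flags = pref;
    if (pref < 0) return -1;   /* reject an unparsed value, do not guess */
    if (pref == 0) return 0;   /* no preference requested, no syscall */
    return setsockopt(fd, IPPROTO_IPV6, IPV6_ADDR_PREFERENCES,
                      &flags, sizeof(flags));
}

int main(void)
{
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    if (apply_bind_pref(fd, parse_bind_pref("public")) != 0) perror("setsockopt");
    else puts("public (static) source address preferred for this socket");
    close(fd);
    return 0;
}
```

Preferring the public address trades the privacy benefit of temporary addresses for connection stability, which is why a per-connection opt-in with a default of "none" is the conservative choice.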