IPv6 + user at ipaddress

Healy openssh at nwgeeks.com
Thu Sep 30 03:05:19 EST 2004

Solaris 8.0
OpenSSH OpenSSH_3.8p1

I believe I may have found a bug when dealing with restricting user at ipv6address 
in cases when adjacent colons do not expand to multiple fields.

For example:
If I have any of the following entries in sshd_config, it will let me in:

user at 1234:0234:0234:0000:0234:1234:1234:1234
user at 1234:234:234:0000:234:1234:1234:1234
user at 1234:234:234:0:234:1234:1234:1234

However, if I reduce the address as much as possible, to the below entry it will 
reject my login attempt:

user at 1234:234:234::234:1234:1234:1234

This only appears to happen on addresses where seven of the eight octets have 
something besides zero in them.  In this case, the system logs will show refused entry 
if the adress is written with :: instead of :0:

Note: this does NOT happen if the colons expand to multiple fields.  For example, any of the
following notations for the same address will let me into the box:

user at 1234:0234:0000:0000:0234:1234:1234:1234
user at 1234:0234:0:0:0234:1234:1234:1234
user at 1234:234:0:0:234:1234:1234:1234
user at 1234:234::234:1234:1234:1234

I checked the archives, bugzilla and release notes and did not see mention of this.  If 
it's a known issue, I apologize for the waste of time.


More information about the openssh-unix-dev mailing list