IPv6 + user at ipaddress
Healy
openssh at nwgeeks.com
Thu Sep 30 03:05:19 EST 2004
Using:
Solaris 8.0
OpenSSH OpenSSH_3.8p1
I believe I may have found a bug when dealing with restricting user at ipv6address
in cases when adjacent colons do not expand to multiple fields.
For example:
If I have any of the following entries in sshd_config, it will let me in:
user at 1234:0234:0234:0000:0234:1234:1234:1234
user at 1234:234:234:0000:234:1234:1234:1234
user at 1234:234:234:0:234:1234:1234:1234
However, if I reduce the address as much as possible, to the below entry it will
reject my login attempt:
user at 1234:234:234::234:1234:1234:1234
This only appears to happen on addresses where seven of the eight octets have
something besides zero in them. In this case, the system logs will show refused entry
if the adress is written with :: instead of :0:
Note: this does NOT happen if the colons expand to multiple fields. For example, any of the
following notations for the same address will let me into the box:
user at 1234:0234:0000:0000:0234:1234:1234:1234
user at 1234:0234:0:0:0234:1234:1234:1234
user at 1234:234:0:0:234:1234:1234:1234
user at 1234:234::234:1234:1234:1234
I checked the archives, bugzilla and release notes and did not see mention of this. If
it's a known issue, I apologize for the waste of time.
-Healy
More information about the openssh-unix-dev
mailing list