IPV6_V6ONLY

David Woodhouse dwmw2 at infradead.org
Fri Oct 15 08:07:20 EST 2010


On Thu, 2010-10-14 at 13:43 -0700, Scott Neugroschl wrote:
> > From: Damien Miller [mailto:djm at mindrot.org] 
> > On Wed, 13 Oct 2010, David Woodhouse wrote:
> > 
> > > Because it listens separately on a Legacy IP socket, so it doesn't
> > > want its IPv6 socket accepting Legacy IP connections.
> > 
> > "Legacy", har har
> 
> OK, it was causing some issues on my platform (HP NonStop).  I was
> just making sure that taking it out wasn't going to cause security
> issues.

One potential issue to look out for if you do this is that you need to
be sure that incoming Legacy IP connections to port 22 really are going
to sshd.

If you listen on an IPv6 socket without IPV6_V6ONLY, then you might
*hope* that it's also accepting Legacy IP connections and nobody else is
listening on INADDR_ANY:22. But are you sure?
 
-- 
dwmw2
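
One way to answer the "are you sure?" question above, as an added example that is not part of the original message and is not OpenSSH code: listen on an IPv6 socket with a chosen IPV6_V6ONLY value, then test whether a second socket can still bind INADDR_ANY on the same port. The helper name `v4_port_free_beside_v6` is hypothetical, and an ephemeral port stands in for port 22 so the probe runs unprivileged; the result is platform-dependent, which is the point of running it.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hypothetical helper: listen on [::]:<ephemeral port> with IPV6_V6ONLY set to
 * v6only, then try to bind 0.0.0.0 on the same port from a second socket.
 * Returns 1 if that bind succeeds (another listener could take the IPv4 side),
 * 0 on EADDRINUSE (the IPv6 socket holds it), -1 if the probe could not run. */
int v4_port_free_beside_v6(int v6only)
{
    struct sockaddr_in6 a6 = {0};
    struct sockaddr_in a4 = {0};
    socklen_t len = sizeof(a6);
    int s6, s4, rc = -1;

    if ((s6 = socket(AF_INET6, SOCK_STREAM, 0)) < 0)
        return -1;                       /* no IPv6 support here */
    a6.sin6_family = AF_INET6;
    a6.sin6_addr = in6addr_any;          /* port left 0: kernel picks one */
    if (setsockopt(s6, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) < 0 ||
        bind(s6, (struct sockaddr *)&a6, sizeof(a6)) < 0 ||
        listen(s6, 1) < 0 ||
        getsockname(s6, (struct sockaddr *)&a6, &len) < 0 ||
        (s4 = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        close(s6);
        return -1;
    }
    a4.sin_family = AF_INET;
    a4.sin_addr.s_addr = htonl(INADDR_ANY);
    a4.sin_port = a6.sin6_port;          /* same port, already network order */
    if (bind(s4, (struct sockaddr *)&a4, sizeof(a4)) == 0)
        rc = 1;                          /* IPv4 side is up for grabs */
    else if (errno == EADDRINUSE)
        rc = 0;                          /* IPv6 listener covers IPv4 too */
    close(s4);
    close(s6);
    return rc;
}

int main(void)
{
    printf("IPV6_V6ONLY=0: IPv4 bind on same port = %d\n", v4_port_free_beside_v6(0));
    printf("IPV6_V6ONLY=1: IPv4 bind on same port = %d\n", v4_port_free_beside_v6(1));
    return 0;
}
```

A result of 1 with IPV6_V6ONLY cleared means the IPv6 listener does not hold the IPv4 side of the port on that platform, so a separate IPv4 listener is needed to be sure who answers there.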



More information about the openssh-unix-dev mailing list