Feature request - Control of IPv6 source address selection

Darren Tucker dtucker at zip.com.au
Tue Aug 29 10:32:32 AEST 2017


On 29 August 2017 at 04:18, Brandon Applegate <brandon at burn.net> wrote:
>
> I’d love for there to be a config option to control IPv6 source address
> selection - specifically temp/privacy vs. non.


Can you use BindAddress [static_ipv6_address] in ~/.ssh/config?  Failing
that you can use ProxyCommand to implement whatever behaviour you want.

 The issue that I (and others over the years) see is that when there is a
> long lived ssh connection (i.e. days or > 1 week) - if this connection was
> sourced from a temp/privacy address - the socket will get killed when this
> address finally expires and falls off the interface.  Being able to turn a
> knob and get client connections initiated from a non-privacy address would
> be great.
>
> There have been some bug reports in downstream projects over time:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859270
> https://bugzilla.redhat.com/show_bug.cgi?id=512032


The interface from RFC5014 doesn't seem to be widely supported (Linux was
the only implementation I could find in a brief search).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list