X11 forwarding with IPv6 disabled

L. A. Walsh openssh at tlinx.org
Fri Mar 31 13:34:00 AEDT 2017

Jakub Jelen wrote:
> Hello all,
> one more (ever-returning) bug [1] reported recently caught my eye. The 
> problem is that disabling IPv6 in kernel leads to OpenSSH failing to 
> bind localhost IPv6 address and after the fix for CVE-2008-1483 [2] 
> leads to the whole X11 forwarding fail.
    I can see the user-friendliness issue being possibly a
good thing, but have some questions that might
support current behavior (as you describe):

    1) Why would openssh be configured to try IPV6 on a system
where it doesn't exist?  Or -- wouldn't it be an error to
try to configure a transport that doesn't exist on that system?
(why not just fix the global defaults?)

    2) How would it be different than asking openssh to configure
Netware sockets (or whatever) and use them?

    3) I'm not sure that expecting an application (like openssh
or others), upon failing some random proto's open, should
fall back to IPv4.  Should IPv4 always be expected to be "the"
fallback if any other proto fails?

    Maybe I'm wondering how a non-existent protocol should be
dealt with and whether or not any such non-existent proto should
fall back to "something" and if that something should be ipv4?


More information about the openssh-unix-dev mailing list