RFC 8305 Happy Eyeballs in OpenSSH

Josh Soref jsoref at gmail.com
Sun Feb 25 18:52:16 AEDT 2018


Has anyone checked to make sure that this won't upset sshguard? [1]

Offhand, it looks like it will [2][3].

[1] https://www.sshguard.net/
[2] https://bitbucket.org/sshguard/sshguard/src/2ed7e0aee18b7271daab92d5335c14e04bb2cc89/src/parser/attacks.txt?at=master&fileviewer=file-view-default#attacks.txt-9
[3] https://bitbucket.org/sshguard/sshguard/src/2ed7e0aee18b7271daab92d5335c14e04bb2cc89/src/parser/attacks.txt?at=master&fileviewer=file-view-default#attacks.txt-10

On Sun, Feb 25, 2018 at 2:16 AM, Matthieu Herrb <matthieu at herrb.eu> wrote:
> On Fri, Feb 23, 2018 at 12:32:38PM +0000, Kim Minh Kaplan wrote:
>> Hello,
>>
>> I use hosts that are dual stack configured (IPv4 and IPv6) and it
>> happens that connectivity through one or the other is broken and
>> times out. In this case connection to the SSH server can take quite some
>> time as ssh waits for the first address to timeout before trying the
>> next.
>>
>> So I gave a stab at implementing RFC 8305. This patch implements part of
>> it in sshconnect.c.
>>
>> * It does not do section 3 (initiation of asynchronous DNS queries, a
>>   SHOULD).
>> * It does not do section 4 (sorting of resolved destination
>>   addresses). That means it does not do the RFC 6724 address sort
>>   which is a MUST.  The order is still the one from getaddrinfo(3).
>> * It implements section 5 (initiation of asynchronous connection
>>   attempts). It paces the connection attempts 250 milliseconds apart
>>   as recommended. Once a connection attempt succeeds it cancels all
>>   other initiated connections and ignores addresses not yet used.
>> * It does not implement RFC 8305 for channels.c, that is port
>>   forwardings do not use it.
>>
>
> Hi,
>
> I like this, as I'm also running with dual stack machines both at work
> and at home, and sometimes have issues with one of the stacks.
>
> I'm running with this on my OpenBSD machines now. No problem noticed
> so far.
> --
> Matthieu Herrb

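The pacing described in the quoted patch summary (attempts 250 milliseconds apart, first success cancels the other initiated attempts, unused addresses are ignored) can be modelled without touching the network. This is an added example, not code from the patch or from anyone in this thread; `struct attempt`, `struct race_result`, `paced_race()` and the sample durations are constructed for illustration, and it assumes strictly fixed pacing with no early start when an attempt fails.

```c
#include <limits.h>
#include <stdio.h>
/* Constructed model input: how one address would behave if tried. */
struct attempt {
    int duration_ms;   /* time from connect() start until it resolves */
    int succeeds;      /* 1 = connection established, 0 = error/timeout */
};

struct race_result {
    int winner;        /* index of the address used, -1 if none */
    int started;       /* attempts actually initiated */
    int cancelled;     /* initiated, still pending when the winner landed */
    int elapsed_ms;    /* time until the winner connected, -1 if none */
};

/* Fixed pacing: attempt i starts at i * delay_ms unless a connection
 * has already succeeded, in which case remaining addresses are ignored. */
struct race_result paced_race(const struct attempt *a, int n, int delay_ms)
{
    struct race_result r = { -1, 0, 0, -1 };
    int best = INT_MAX;                 /* earliest success time so far */
    for (int i = 0; i < n; i++) {
        int start = i * delay_ms;
        if (best <= start)
            break;                      /* winner known: never started */
        r.started++;
        if (a[i].succeeds && start + a[i].duration_ms < best) {
            best = start + a[i].duration_ms;
            r.winner = i;
        }
    }
    if (r.winner < 0)
        return r;                       /* every address failed */
    r.elapsed_ms = best;
    for (int i = 0; i < r.started; i++) /* unresolved when winner landed */
        if (i != r.winner && i * delay_ms + a[i].duration_ms >= best)
            r.cancelled++;
    return r;
}

int main(void)
{
    /* Constructed case: first address times out, the others work. */
    struct attempt addrs[] = { { 75000, 0 }, { 40, 1 }, { 40, 1 } };
    struct race_result r = paced_race(addrs, 3, 250);
    printf("winner=%d started=%d cancelled=%d elapsed=%dms\n",
           r.winner, r.started, r.cancelled, r.elapsed_ms);
    return 0;
}
```

In the constructed case the second address wins after 290 ms, the third address is never tried, and the first attempt is the one that gets cancelled while still pending.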
