sshd Failing New Inbound Connections
Steffen Nurpmeso
steffen at sdaoden.eu
Sat Mar 19 10:58:30 AEDT 2022
Peter Stuge wrote in
<20220318230932.23632.qmail at stuge.se>:
|Damien Miller wrote:
|>> "fatal: bad addr or host: ::1 (no address associated with name)"
|>
|> sshd doesn't need to actually resolve the listenaddress directives in
|> the reexec path, so skip it.
|
|Is a further improvement possible where addresses are recognized as
|such without the resolver, eliminating the resolver as a source of
|problems when it's actually not applicable?
|
|I don't know how easy it is to accomplish very portably? :\
|
|POSIX.1-2001 offers inet_pton() but that essentially requires trying
|both AF_INET and AF_INET6 explicitly.

I wonder, don't you usually do

  c_af = (su_cs_find_c(pgp->pg_ca, ':') != NIL) ? AF_INET6 : AF_INET;
  if(inet_pton(c_af, pgp->pg_ca,
        (c_af == AF_INET ? S(void*,&c_sip.v4)
         : S(void*,&c_sip.v6))) != 1){

Problem (for me regarding inet_pton(3)) is more that this beast
fails for things like 127.000.000.001, it expects properly
formatted 127.0.0.1. (This at least with GNU LibC; I personally see
this as a bug, even though POSIX says "standard text
interpretation" --- but that surely is decimal and then
"compression" (to use the term for IPv4) should be applicable or
not.)

|getaddrinfo() sometimes supports AI_NUMERICHOST which could perhaps
|be tried once opportunistically, before trying again with it unset?
|
|Would it be worthwhile to do something like that even if it only
|works on some platforms? (Others would keep current behavior.)
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
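
Added example, not part of the original message and not OpenSSH code: the two resolver-free checks discussed in this thread side by side, the ':' test followed by a single inet_pton() call, and one getaddrinfo() attempt with AI_NUMERICHOST. The function names and the sample inputs are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Family chosen by looking for ':', then one inet_pton() call.
 * Returns AF_INET or AF_INET6, or AF_UNSPEC when the string is not a
 * numeric address of that family.  (Hypothetical helper name.) */
int literal_family_pton(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    int af = (strchr(s, ':') != NULL) ? AF_INET6 : AF_INET;

    return (inet_pton(af, s, buf) == 1) ? af : AF_UNSPEC;
}

/* One opportunistic getaddrinfo() call with AI_NUMERICHOST: literals
 * are parsed locally and no name lookup is attempted.  AF_UNSPEC means
 * the caller has to retry with the flag unset.  (Hypothetical name.) */
int literal_family_gai(const char *s)
{
    struct addrinfo hints, *res = NULL;
    int af;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;
    if (getaddrinfo(s, NULL, &hints, &res) != 0)
        return AF_UNSPEC;
    af = res->ai_family;
    freeaddrinfo(res);
    return af;
}

int main(void)
{
    /* Constructed inputs; the zero-padded form is libc-dependent. */
    const char *in[] = { "::1", "127.0.0.1", "127.000.000.001", "localhost" };
    for (size_t i = 0; i < sizeof in / sizeof *in; i++)
        printf("%-16s pton=%d gai=%d\n", in[i],
            literal_family_pton(in[i]), literal_family_gai(in[i]));
    return 0;
}
```

The zero-padded input is only printed, since the two interfaces may treat it differently depending on the C library.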