[Bug 2820] Add support for ssh client to bind to an interface

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Feb 17 04:36:23 AEDT 2018


--- Comment #3 from Mike Manning <mvrmanning at gmail.com> ---
Many thanks for looking into this enhancement, which will make
deployment for us a lot easier. I excluded the IPv6 loopback addr ::1,
as it should not be used as the source address in packets that are sent
outside of the node cf RFC4291, section 2.5.3. Also I excluded
link-local addresses, as these could only work with a directly
connected ssh server, also for reasons of parity with the bind address
option, which errors as follows:

ssh -b fe80::5054:ff:fe4d:a73 mike at VR3v6
bind: fe80::5054:ff:fe4d:a73: Invalid argument
ssh: connect to host vr3v6 port 22: Invalid argument

I confirm I have tested your changes, which are fine for loopback with
IPv4 & IPv6 addr, IPv4 only, IPv6 only (apart from my concerns re use
of IPv6 loopback & LL), and even if there is only an IPv6 link-local
address, the end result is ok:

ssh -B lo2 mike at VR4v6
debug2: resolving "vr4v6" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to vr4v6 [2000::4] port 22.
debug1: ssh_create_socket: bound to fe80::fc55:b3ff:fee5:d46%lo2
debug1: connect to address 2000::4 port 22: Network is unreachable
ssh: connect to host vr4v6 port 22: Network is unreachable

I am fine with use of strcmp, I just wanted to point out that I was
using strncmp with the length check using the maximum string size for
interface names IFNAMSIZ (=16), so substring matches don't occur, but
this approach avoids problems with strings that are not null-terminated
(I appreciate that is not the case here!). Thanks again.

You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list