Match on AddressFamily
Anton Khirnov
anton at khirnov.net
Mon Jun 1 01:04:29 AEST 2026
Hi,
Quoting Marc Haber (2026-05-31 16:31:44)
> Hi,
>
> I have in my client config:
>
> Match Localnetwork 2001:db8:43fa:bc82::/64
> BindAddress 2001:db8:43fa:bc82::1f:100
>
> to ask my ssh client to use a static address instead of the privacy IPv6
> address when I am at my home network.
RFC5014 defines a proper way to handle this without hardcoding any
addresses, by adding a socket option to express address type preference
(public, temporary, etc.). I sent a patch a couple years ago
implementing it in openssh, but it was not accepted (might have had
something to with the fact that only Linux implements this RFC).
These days I'm using ssh via a wrapper script that intercepts socket()
and adds the relevant socket option. It's not ideal, but seems to work
well enough. Source attached, if you're interested.
Cheers,
--
Anton Khirnov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: socket_v6_prefer_public.c
Type: text/x-c
Size: 976 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260531/eb912c22/attachment.c>
More information about the openssh-unix-dev
mailing list