LinuxQuestions.org
Old 02-09-2017, 02:56 AM   #16
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217

How odd, in /etc/hosts do you have an entry such as the following?

Code:
# grep ^::1 /etc/hosts
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Last edited by r3sistance; 02-09-2017 at 03:45 AM.
 
Old 02-09-2017, 03:46 AM   #17
pixie
Member
 
Registered: Aug 2003
Distribution: Mageia, Centos, CloudLinux
Posts: 53

Original Poster
Rep: Reputation: 27
Nope,
Code:
grep ^::1 /etc/hosts
::1     ip6-localhost ip6-loopback
 
Old 02-09-2017, 03:51 AM   #18
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217
That explains the failure then, try doing 'ssh -6 -p 2345 ip6-localhost' or appending the line given previously as currently localhost will never resolve for ipv6 on that machine.
 
Old 02-09-2017, 03:55 AM   #19
michaelk
Moderator
 
Registered: Aug 2002
Posts: 21,234

Rep: Reputation: 3974
Try
ssh -6 -p 2345 ::1
or
ssh -6 -p 2345 ip6-localhost
 
Old 02-09-2017, 04:09 AM   #20
pixie
Member
 
Registered: Aug 2003
Distribution: Mageia, Centos, CloudLinux
Posts: 53

Original Poster
Rep: Reputation: 27
Quote:
Originally Posted by michaelk
Try
ssh -6 -p 2345 ::1
or
ssh -6 -p 2345 ip6-localhost
Both of those work but how does that help connect remotely using 2345?

Last edited by pixie; 02-09-2017 at 04:12 AM.
 
Old 02-09-2017, 04:21 AM   #21
pixie
Member
 
Registered: Aug 2003
Distribution: Mageia, Centos, CloudLinux
Posts: 53

Original Poster
Rep: Reputation: 27
Quote:
Originally Posted by r3sistance
That explains the failure then, try doing 'ssh -6 -p 2345 ip6-localhost' or appending the line given previously as currently localhost will never resolve for ipv6 on that machine.
Tried appending it but no change.
 
Old 02-09-2017, 04:35 AM   #22
michaelk
Moderator
 
Registered: Aug 2002
Posts: 21,234

Rep: Reputation: 3974
It proves the server is working using an alternative port.
On the client adding -v for debug info might help.

ssh -6 -v server-ip
 
Old 02-09-2017, 04:38 AM   #23
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217
Quote:
Originally Posted by pixie
Both of those work but how does that help connect remotely using 2345?
It confirms it is working locally, so we can rule out any conflicts on that side.

Next suggestion, add a temporary rule in ip6tables that opens ALL traffic to the IP you are connecting from, so little more than a: -I INPUT 1 -s <yourip> -j ACCEPT
 
Old 02-09-2017, 06:38 AM   #24
pixie
Member
 
Registered: Aug 2003
Distribution: Mageia, Centos, CloudLinux
Posts: 53

Original Poster
Rep: Reputation: 27
Made no difference. Can only connect to IPv6 address using port 22.
 
Old 02-09-2017, 07:49 AM   #25
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217
Well then, I don't think the issue is ip6tables or sshd. It may be another service on the server, but you don't happen to have a hardware firewall in front of the server, do you? The only remaining ideas I have would be setting ip6tables to log and see if it reports anything hitting, or using something like tcpdump or tethereal to actually scan the incoming traffic to see if it is hitting the server.
 
Old 02-09-2017, 07:59 AM   #26
pixie
Member
 
Registered: Aug 2003
Distribution: Mageia, Centos, CloudLinux
Posts: 53

Original Poster
Rep: Reputation: 27
Thanks for your time and suggestions. Going to give it a break for a while.
 
Old 03-04-2017, 07:02 AM   #27
pixie
Member
 
Registered: Aug 2003
Distribution: Mageia, Centos, CloudLinux
Posts: 53

Original Poster
Rep: Reputation: 27
Fixed
Of course the answer is always obvious isn't it?
The remote server wasn't blocking the connection; it was the local server stopping connections going out on port 2345. Duh! So all I had to do was add the remote server's ssh port to the "Allow outgoing IPv6 TCP ports". And in the hosts.allow file on the remote server, put the IPv6 addr in square brackets. Example:
Code:
sshd : [3001:ds4:4:3::] : allow
Thanks again to all for help and suggestions.
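
The root cause in this thread was the client's own outbound IPv6 filter, not the server. As an added example (not part of any post above), this shell function does a first-match evaluation of an `ip6tables -S OUTPUT` listing for one TCP destination port; it assumes the egress filter is visible as plain OUTPUT-chain rules, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. It models only -p, -m, --dport,
# --dports and -j; any rule using another match (-o, -d, --ctstate, "!")
# is skipped, so the verdict is a hint, not a full netfilter simulation.

# Constructed sample: egress allowed for 22/80/443 only, rest rejected.
SAMPLE_RULES='-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp6-adm-prohibited'

# Usage: out_port_verdict PORT < rules   -> prints ACCEPT, DROP or REJECT
out_port_verdict() {
    awk -v port="$1" '
    # True when port is listed in a spec such as 22,80,8000:8100
    function hit(spec,    n, k, parts, r) {
        n = split(spec, parts, ",")
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, ":") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (parts[k] + 0 == port + 0) return 1
        }
        return 0
    }
    $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
        spec = ""; target = ""; proto = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-p") proto = $(++i)
            else if ($i == "-m") ++i
            else if ($i == "--dport" || $i == "--dports") spec = $(++i)
            else skip = 1      # a match this sketch does not model
        }
        if (skip || target !~ /^(ACCEPT|DROP|REJECT)$/) next
        if (proto != "" && proto != "tcp") next
        if (spec == "" || hit(spec)) { print target; found = 1; exit }
    }
    # No rule decided: fall back to the chain policy
    END { if (!found) print (policy == "" ? "ACCEPT" : policy) }
    '
}

# Stand-alone demo on the constructed ruleset (port taken from the thread)
printf '%s\n' "$SAMPLE_RULES" | out_port_verdict 2345
```

On a live client the same check is `ip6tables -S OUTPUT | out_port_verdict 2345`, run as root.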
 
  


All times are GMT -5. The time now is 03:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration