[SOLVED] ssh to IPV6 on different port

r3sistance · 02-09-2017, 02:56 AM

How odd, in /etc/hosts do you have an entry such as the following?

Code:

# grep ^::1 /etc/hosts
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

pixie · 02-09-2017, 03:46 AM

Nope,

Code:

grep ^::1 /etc/hosts
::1     ip6-localhost ip6-loopback

r3sistance · 02-09-2017, 03:51 AM

That explains the failure then, try doing 'ssh -6 -p 2345 ip6-localhost' or appending the line given previously as currently localhost will never resolve for ipv6 on that machine.

michaelk · 02-09-2017, 03:55 AM

Try
ssh -6 -p 2345 ::1
or
ssh -6 -p 2345 ip6-localhost

pixie · 02-09-2017, 04:09 AM

Quote:

Originally Posted by michaelk

Try
ssh -6 -p 2345 ::1
or
ssh -6 -p 2345 ip6-localhost

Both of those work but how does that help connect remotely using 2345?

pixie · 02-09-2017, 04:21 AM

Quote:

Originally Posted by r3sistance

That explains the failure then, try doing 'ssh -6 -p 2345 ip6-localhost' or appending the line given previously as currently localhost will never resolve for ipv6 on that machine.

Tried appending it but no change.

michaelk · 02-09-2017, 04:35 AM

It proves the server is working using an alternative port.
On the client adding -v for debug info might help.

ssh -6 -v server-ip

r3sistance · 02-09-2017, 04:38 AM

Quote:

Originally Posted by pixie

Both of those work but how does that help connect remotely using 2345?

It confirms it is working locally, so we can rule out any conflicts on that side.

Next suggestion, add a temporary rule in ip6tables that opens ALL traffic to the IP you are connecting from, so little more than a: -I INPUT 1 -s <yourip> -j ACCEPT

pixie · 02-09-2017, 06:38 AM

Made no difference. Can only connect to IPv6 address using port 22.

r3sistance · 02-09-2017, 07:49 AM

Well then I don't think the issue is ip6tables or sshd. It maybe another service on the server, but you don't happen to have a hardware firewall in front of the server do you? The only remaining ideas I have would be setting ip6tables to log and see if it reports anything hitting or using something like tcpdump or tethereal to actually scan the incoming traffic to see if it is hitting the server.

pixie · 02-09-2017, 07:59 AM

Thanks for your time and suggestions. Going to give it a break for a while.

pixie · 03-04-2017, 07:02 AM

Fixed

Of course the answer is always obvious isn't it?

The remote server wasn't blocking the connection it was the local server stopping connections going out on port 2345. Duh! So all I had to do was add the remote servers ssh port to the "Allow outgoing IPv6 TCP ports" And in the hosts.allow file on remote server put the IPv6 addr in square brackets. Example:

Code:

sshd : [3001:ds4:4:3::] : allow

Thanks again to all for help and suggestions.