
Re: Bug#80503: ssh: default configuration breaks IPv6



On 01-01-02 horape@tinuviel.compendium.net.ar wrote:
> [I'm CC'ing to debian-ipv6 again, sorry for not adding the notice before]

Thanks, I keep the Cc now.

> > > ListenAddress shouldn't be set by default. ListenAddress is to be used
> > > when you want to bind only some addresses. The admin is who should add
> > > that directive if it's needed.
> > Well, but debian should provide the admin and the users also with some
> > good chosen defaults.

> Openssh provides the admin a good chosen default (that's activated when
> no ListenAddress directive is present) I don't understand why D.Miller has
> changed it.

Well, maybe we will find it out. :)

> > > I'll ask Damien Miller why does his patch add that directive.
> > Thanks, this directive has not been changed in the debian package of
> > openssh, so I would suggest that you convince him first.

> I've written to the openssh-unix-dev list asking about that.

Alright, as I'm also subscribed to this list, I will also be able to read
the answers.

> > > > > > |ListenAddress 0.0.0.0
> > > > > > |#ListenAddress ::
> > > > > That's not a solution. Because in IPv4 only machines
> > > > > ListenAddress :: doesn't work.
> > > > Then you comment out both lines. :( This is not very difficult
> > > > to do for any admin who wants to use IPv4 _and_ IPv6.
> > > Yep, but why to restrict the default config?
> > Because this option is not changed by the debian maintainer and has
> > been set up by the upstream and I would rather like to see a change
> > in the upstream package than a fix for this in your diff.gz.

> Really, I don't believe that's that way. There is an upstream package, a
> "mediumstream" package and debian package. The "mediumstream" patch
> breaks something. Maybe debian should fix what "mediumstream" has broken.

Well, you must consider that the upstream package is a pure openbsd
package which will not work on any other OS. So the openssh-developers
take the source and add all the stuff that is necessary to support other
OS and add features. Also the developers are not the same, so there are
differences between the people working on openssh on openbsd and for the
other OS. So I would call the sources that we use here upstream, since
the bugs and problems that we notice are mostly coming from the port.

> > > > > > Therefore this report should be changed to severity wishlist, which
> > > > > > would be more appropriate.
> > > > > I believe that being so trivial to fix it, it should be changed to
> > > > > fixed, not put in the wait queue.
> > > > Why? You fail to give a good explanation why we should add this support

> > > Options are: 
> > > (a) ListenAddress set: IPv4 works, IPv6 doesn't.
> > > (b) ListenAddress unset: IPv4 works the very same way, IPv6 works.
>  
> > Would this cause first an IPv6 lookup for the IP and then a IPv4 lookup?

> [I assume lookup = dns lookup, else i don't understand the question]

Yes.

> No. That's a bind(2) call. There is no dns lookup anywhere.

Are you sure? I think there's also a dns-lookup involved as otherwise
you won't know the IP-address of the host that ssh should connect to.

> > Well, how fast is IPv6 developed? If you think about other tools and
> > their IPv6-Support you will notice that it's even worse than the support
> > in openssh (especially 2.3.0p1).

> Yep, but that's something I regret. I've been a debian user for more than
> five years, but when I needed to work seriously with IPv6 I had to install
> some BSDs (and we're FAR behind them, FBSD even allows installing over
> the 6bone)

Hm, what's the 6bone? Where can I get more information about it?

Ciao
     Christian
-- 
          Debian Developer and Quality Assurance Team Member
    1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853
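
An added example, not part of the original message and not OpenSSH code: a small Python check that reports which address families an sshd_config asks the daemon to bind, run over the two ListenAddress lines quoted in the thread. The function names and sample configs are hypothetical, and it assumes, as the thread states, that a config with no active ListenAddress line listens on both IPv4 and IPv6.

```python
import ipaddress

# Constructed samples: the shipped default quoted in the thread, and the
# same file with both ListenAddress lines commented out.
SHIPPED = "Port 22\nListenAddress 0.0.0.0\n#ListenAddress ::\n"
BOTH_COMMENTED = "Port 22\n#ListenAddress 0.0.0.0\n#ListenAddress ::\n"


def _family(value):
    """Classify one ListenAddress argument without any DNS lookup."""
    host = value
    if value.startswith("["):            # [host]:port form
        host = value[1:].partition("]")[0]
    elif value.count(":") == 1:          # host:port form (IPv4 or name)
        host = value.rsplit(":", 1)[0]
    try:
        return "IPv%d" % ipaddress.ip_address(host).version
    except ValueError:
        return "hostname"                # needs a resolver; not classified here


def listen_families(config_text):
    """Return the set of families the config asks sshd to bind.

    Assumption taken from the thread: with no active ListenAddress line
    the daemon uses its built-in default and serves both families.
    """
    families = set()
    seen_directive = False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # ignore comments
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue
        seen_directive = True
        families.add(_family(parts[1]))
    return families if seen_directive else {"IPv4", "IPv6"}


if __name__ == "__main__":
    for name, cfg in (("shipped", SHIPPED), ("both commented", BOTH_COMMENTED)):
        print(name, "->", sorted(listen_families(cfg)))
```

A result that lacks "IPv6" on a dual-stack host corresponds to option (a) in the thread: the daemon is unreachable over IPv6 until the directive is removed or a second one is added.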


