From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id MMFiM0sVhGL6ngAAbAwnHQ (envelope-from ) for ; Tue, 17 May 2022 23:36:11 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id ABksM0sVhGL3AwEAauVa8A (envelope-from ) for ; Tue, 17 May 2022 23:36:11 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 738743B0E4 for ; Tue, 17 May 2022 23:36:11 +0200 (CEST) Received: from localhost ([::1]:46034 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nr4rS-00042a-1V for larch@yhetil.org; Tue, 17 May 2022 17:36:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36602) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nr4rK-000411-Dn for bug-guix@gnu.org; Tue, 17 May 2022 17:36:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:36058) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nr4rK-0000A2-4M for bug-guix@gnu.org; Tue, 17 May 2022 17:36:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nr4rJ-0001x5-Uv for bug-guix@gnu.org; Tue, 17 May 2022 17:36:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#55335: openssh-service no longer listens on IPv6 Resent-From: Christopher Baines Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 17 May 2022 21:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55335 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 55335@debbugs.gnu.org Received: via spool by 55335-submit@debbugs.gnu.org id=B55335.16528233037427 (code B ref 55335); Tue, 17 May 2022 21:36:01 +0000 Received: (at 55335) by debbugs.gnu.org; 17 May 2022 21:35:03 +0000 Received: from localhost ([127.0.0.1]:58188 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nr4qM-0001vg-Rp for submit@debbugs.gnu.org; Tue, 17 May 2022 17:35:03 -0400 Received: from mira.cbaines.net ([212.71.252.8]:41298) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nr4qL-0001vE-CV for 55335@debbugs.gnu.org; Tue, 17 May 2022 17:35:01 -0400 Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:54d1:d5d4:280e:f699]) by mira.cbaines.net (Postfix) with ESMTPSA id EE17F27BBE9; Tue, 17 May 2022 22:34:59 +0100 (BST) Received: from felis (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 01ccbfa7; Tue, 17 May 2022 21:34:57 +0000 (UTC) References: <87r153q913.fsf@cbaines.net> <20220513142312.21382-1-mail@cbaines.net> <87lev4f71w.fsf_-_@gnu.org> User-agent: mu4e 1.6.10; emacs 27.2 From: Christopher Baines Date: Tue, 17 May 2022 22:33:29 +0100 In-reply-to: <87lev4f71w.fsf_-_@gnu.org> Message-ID: <877d6jonb4.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1652823371; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post; bh=I8jutMggczslggpsC69nwi6yy9t3tdqMBmHJUXIEcFI=; b=VKNbLFMoS4BQFny3q0c0f1UNK3poJg7cKVOWn2KjitnVijZz/REneaJPF5DhN2fz0sfXbt zrPS6upo1OvDFqlEGeXF3x2cbDLBZSdQWHnxnDcYp4afMHYiytcPOYybWofucBal0ienUO +gn/Bs59jzyHijqS2K20A/eh8twPRoTUnih2aLQjgSjPG7uwJGR2cQpsDDWpYkV1b/4rZY cFs9biSSeqpSKMER4NQbbrk+Z32P0+PPmnzbe/apAcbB5WRnLd6pROKTe+1gP64JXx5UIX uZaIWyBsROks4psfJ20IOF/h4u2jYRHTrQms9r2CgpXHeuNwXoezhvSfJA1woQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1652823371; a=rsa-sha256; cv=none; b=HdaqLQ452cEeu39QT44DG/RksZdcaoC+wIYoOtS6Sq+CqgItqOdGq54l4qbuNgTHoYZwU7 20VIbn5IFZNWZA/LnmHHOsoSZzK7uogV9KvifbB3Cl4seQrUu7Cih9dvTjnPF1UQrx2LPP 8noo+fHTl1jmIjBl5IUkKllX2g1La9i2dNHBGvFZoLa7BetZDPC2FkKkercKP7pSdTUvbg wd653vr2G89s7XInE+GHd9uwZYGEUAr3HLbBMkyX4eNHE1xlH99hHH9X/WLc+Cg/orgYvV tu6OLS5IW0IydqpsFBbl44HzxpyhlCNGZVJnRJVvSvpBvzCsEqYV1W1UYQsRzw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -5.14 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 738743B0E4 X-Spam-Score: -5.14 X-Migadu-Scanner: scn1.migadu.com X-TUID: 3C0xtP0XlwPl --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Hi, > > Christopher Baines skribis: > >> Switching to listing via IPv6 should support IPv4 connections, as Linux = is >> capable of translating IPv4 connections to IPv6. I think there's a risk = that >> switching to this approach will affect some uses of the openssh >> service. Therefore, this commit makes this a configuration option, which= is #f >> by default. > > [...] > >> + (make-socket-address #$(if (openssh-listen-via-i= pv6? config) >> + #~AF_INET6 >> + #~AF_INET) >> + INADDR_ANY >> #$port-number) > > Thinking about it, what do you think is the risk of using AF_INET6 > unconditionally? I'm assuming that configuration that looks at the IP addresses will be affected, e.g. things like: Match Address 127.0.0.* PubkeyAuthentication yes But this is just a guess. > AFAICS it just works. Is there a switch somewhere that might affect > that behavior? > > (I still think that changing =E2=80=98make-inetd-constructor=E2=80=99 to = accept multiple > addresses is a better fix longer-term, but if we can have this quick > fix, that=E2=80=99s great.) I'm also interested in a quick fix. I'd like to either make the switch to using AF_INET6 unconditionally, or push the patch I sent for allowing it to be used through a configuration option. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmKEFP9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9XdS6A/+JZQVoML9XUz6m4UV10FlF88x9jyVqk4P Ikfq7S6Ure3rdskN6nFGeDMqkIpxdvRsfW2BkwczVCNcdzHm+olJyoj1+VNYvdF6 vqQe52X1hIkiK82SbxSXjiB1jOqsRGdpGGBHEcJC4UcWz/LvJM1ciEf9ocnISnXL vHU871TRzTpZPouZHeCiefg1hZ453X8Rky+9qSP6iv+Cm+7dRgToCwIwW50Bp84V 2N73aFohLTYTtq65tWqx8szvLHlAp1V8k4vwQtcfiSK5UtUU+snJPXGkXZkhD2HB LQ2hEOZVnWHVW/PqxaReqn3bxGn1wy64B0OypMWNLkpZJ7RoBmLf1RU5VlccdUDV BVbE1BV03XSBSjNiVuOKTny5NCSCvrL6orHJMW6asjVaJDdWf5FqI7FgBQTzSam/ ZkKcEyivNVvY0E+rNYGYxGIwjaOz1GCyWjUap0kjNRElvxNSRd/34UJdTVUvWSWk lTJnFnOq4Uh2EbYNEgjmCwVh54iPXgmux0khT/2gqqUaA1W1EToY9tUSz5Exr8pj bqsQpBUWdeA7ixpxY7wriMtZ8f/H7xzRnpOTVzT/FyM1O5lgl2yMyphyOx4jCyd+ k2+3xH3nkI0jzP8Y+Y5kr9UF2nzmQeb07zX663B0ol7AQ8TMUCELEp3KXvOIjgLA o0xp2vaSExo= =wDqi -----END PGP SIGNATURE----- --=-=-=--