bug#55335: openssh-service no longer listens on IPv6

[Christopher Baines]

Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> Christopher Baines <mail@cbaines.net> skribis:
>
>> Switching to listing via IPv6 should support IPv4 connections, as Linux is
>> capable of translating IPv4 connections to IPv6. I think there's a risk that
>> switching to this approach will affect some uses of the openssh
>> service. Therefore, this commit makes this a configuration option, which is 
>> #f
>> by default.
>
> [...]
>
>> +                       (make-socket-address #$(if (openssh-listen-via-ipv6? 
>> config)
>> +                                                  #~AF_INET6
>> +                                                  #~AF_INET)
>> +                                            INADDR_ANY
>>                                              #$port-number)
>
> Thinking about it, what do you think is the risk of using AF_INET6
> unconditionally?

I'm assuming that configuration that looks at the IP addresses will be
affected, e.g. things like:

  Match Address 127.0.0.*
    PubkeyAuthentication yes

But this is just a guess.

> AFAICS it just works.  Is there a switch somewhere that might affect
> that behavior?
>
> (I still think that changing ‘make-inetd-constructor’ to accept multiple
> addresses is a better fix longer-term, but if we can have this quick
> fix, that’s great.)

I'm also interested in a quick fix. I'd like to either make the switch
to using AF_INET6 unconditionally, or push the patch I sent for allowing
it to be used through a configuration option.

signature.asc
Description: PGP signature