In terms of how IPv4 and IPv6 addresses are supported, the server, sshd2, is managed by the following keywords in the sshd2_config configuration file:
AddressFamily { inet | inet6 | any }
This keyword specifies which address families may be used. It may be supplied exactly once or be omitted.
Valid values for AddressFamily are:
inet (default): Accepts IPv4 addresses only. IPv6 addresses are ignored.
inet6: Accepts IPv6 addresses only.
any: Accepts both IPv4 and IPv6 addresses.
The command-line options -4 and -6 correspond to inet and inet6. If the command-line options are specified, they override the configuration keyword.
If no configuration keyword or command-line option is supplied, the default inet is used.
ListenAddress { IPv4 address | IPv6 address } [ port ]
This keyword specifies the network interface(s) on which the server will listen. It may be supplied multiple times, or be omitted:
If ListenAddress is omitted, sshd2 listens on the IPv4 0.0.0.0 address or the IPv6 :: address, or both, depending on the address family selected as above.
Multiple listening sockets are opened in the order given by the sequence of ListenAddress keywords found.
Listen addresses must accord with the AddressFamily specification: an address ruled out by the address family selected will be ignored.
Optionally, the port on which to listen may be specified here, thus overriding any Port configurations and the default port 22.
The command-line option -o ListenAddress='ip-address [port]' may also be used to specify interfaces on which the server is to listen. These are additional to any interfaces specified using configuration keywords. Each -o ListenAddress option must be followed by one address-port definition, consisting of an IPv4 or IPv6 address followed by a space, and an optional port number. If the port is missing, the last Port configuration keyword or the default port 22 is used.
Note that the -p port number option will override any port number specified via the configuration keyword Port or ListenAddress, but it does not affect any port numbers supplied with the -o ListenAddress option.
An IPv6 address may be either a link-local address or a global address; the server will listen on all scopes of a link-local address if one is specified.
The following table demonstrates some of the allowed and invalid combinations of the above-mentioned configuration keywords and command-line options, and their resultant effect:
AddressFamily  -4 / -6  ListenAddress  -o ListenAddress  Listen on interface(s), port(s)
*              -4       none           127.0.0.1         127.0.0.1
*              -4       none           127.0.0.1 23      127.0.0.1:23
*              -4       none           ::1               error
*              -4       none           any               0.0.0.0:22
*              -4       none           any 23            0.0.0.0:23
*              -4       none           none              0.0.0.0:22
*              -6       none           0.0.0.0           error
*              -6       none           ::1               [::1]:22
*              -6       none           127.0.0.1         error
*              -6       none           ::                [::]:22
*              -6       none           any               [::]:22
*              -6       none           none              [::]:22
any            -6       0.0.0.0        none              0.0.0.0:22
any            none     ::1            127.0.0.1 23      [::1]:22, 127.0.0.1:23
any            none     ::1 23         none              [::1]:23
any            none     127.0.0.1      10.1.1.1 23       127.0.0.1:22, 10.1.1.1:23
any            none     127.0.0.1      ::1               127.0.0.1:22, [::1]:22
any            none     127.0.0.1 23   none              127.0.0.1:23
any            none     127.0.0.1      fe80::100:10 23   127.0.0.1:22, [fe80::100:10]:23
any            none     127.0.0.1      none              127.0.0.1:22
any            none     ::1            none              [::1]:22
any            none     [::]           none              0.0.0.0:22, [::]:22
any            none     none           ::                0.0.0.0:22, [::]:22
any            none     none           ::1               [::1]:22
any            none     none           127.0.0.1         127.0.0.1:22
any            none     none           127.0.0.1 23      127.0.0.1:23
any            none     none           any               0.0.0.0:22, [::]:22
any            none     none           any 23            0.0.0.0:23, [::]:23
any            none     none           none              0.0.0.0:22, [::]:22
inet6          -4       ::1            none              [::1]:22
inet6          -6       0.0.0.0        none              error
inet6          none     ::1            :: 23             [::1]:22, [::]:23
inet6          none     ::1 23         ::                [::1]:23, [::]:22
inet6          none     ::1 23         127.0.0.1         [::1]:23
inet6          none     ::1 23         fe80::100:10      [::1]:23, [fe80::100:10]:22
inet6          none     ::1 23         none              [::1]:23
inet6          none     127.0.0.1      ::                [::]:22
inet6          none     127.0.0.1      none              error
inet6          none     ::1            none              [::1]:22
inet6          none     none           127.0.0.1         error
inet6          none     none           :: 23             [::]:23
inet6          none     none           fe80::100:10 23   [fe80::100:10]:23
inet6          none     none           none              [::]:22
inet           -6       0.0.0.0        none              0.0.0.0:22
inet           none     ::1            127.0.0.1         127.0.0.1:22
inet           none     127.0.0.1      10.1.1.1 23       127.0.0.1:22, 10.1.1.1:23
inet           none     127.0.0.1      ::                127.0.0.1:22
inet           none     127.0.0.1 23   10.1.1.1 22       127.0.0.1:23, 10.1.1.1:22
inet           none     127.0.0.1      :: 23             127.0.0.1:22
inet           none     127.0.0.1 23   none              127.0.0.1:23
inet           none     127.0.0.1      none              127.0.0.1:22
inet           none     ::1            none              error
inet           none     none           ::                error
inet           none     none           none              0.0.0.0:22
none           -4       ::1            127.0.0.1         127.0.0.1:22
none           -4       ::1            none              error
none           -6       0.0.0.0        none              error
none           none     none           [::] 23           error
none           none     none           any               0.0.0.0:22
none           none     none           any 23            0.0.0.0:23
none           none     none           ::                error
none           none     none           none              0.0.0.0:22
Subsequent sshg3 ::1#22 succeeds; sshg3 127.0.0.1#22 fails.
Running the server with the verbose option may help to clarify what interfaces are being listened on. See sshd2(8) and sshd2_config(5) for more details, as well as for where hosts may be specified or matched by IPv6 address (e.g. sshd2_config keywords AllowHosts, AllowSHosts, ProxyServer, etc.).
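The configuration-file rules described above (default family, addresses ignored by AddressFamily, port precedence) can be checked against a config before the server is started, to catch unintended wildcard binds or entries that will be silently dropped. The following is an added example, not part of the original documentation or the product's code; it covers only the AddressFamily, Port and ListenAddress keywords, not the -4, -6, -p or -o command-line options. It assumes whitespace-separated "Keyword value" lines, # comments and case-insensitive keyword names; effective_listeners and SAMPLE_CONFIG are hypothetical names.

```python
import ipaddress

WILDCARDS = {"inet": ["0.0.0.0"], "inet6": ["::"], "any": ["0.0.0.0", "::"]}

# Constructed sample fragment, not taken from a real host.
SAMPLE_CONFIG = """\
AddressFamily inet6
Port 2222
ListenAddress 127.0.0.1
ListenAddress ::1 23
ListenAddress fe80::100:10
"""

def effective_listeners(config_text):
    """Return (listeners, ignored) for the config-file keywords only."""
    family, port, entries = "inet", 22, []     # documented defaults
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()   # assumed: '#' starts a comment
        if len(words) < 2:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "addressfamily":
            family = args[0].lower()
        elif key == "port":
            port = int(args[0])                # the last Port keyword wins
        elif key == "listenaddress":
            lport = int(args[1]) if len(args) > 1 else None
            entries.append((args[0].strip("[]"), lport))
    if family not in WILDCARDS:
        raise ValueError(f"invalid AddressFamily: {family}")
    if not entries:                            # ListenAddress omitted
        entries = [(a, None) for a in WILDCARDS[family]]
    listeners, ignored = [], []
    for addr, lport in entries:
        ip = ipaddress.ip_address(addr)        # ValueError on a non-address
        fam = "inet" if ip.version == 4 else "inet6"
        if family != "any" and fam != family:
            ignored.append(addr)               # ruled out by AddressFamily
            continue
        # Per the table, "::" under family "any" opens both wildcard sockets.
        both = family == "any" and ip.version == 6 and ip.is_unspecified
        for a in (WILDCARDS["any"] if both else [addr]):
            host = f"[{a}]" if ":" in a else a
            item = f"{host}:{port if lport is None else lport}"
            if item not in listeners:
                listeners.append(item)
    return listeners, ignored                  # no listeners: the "error" rows

if __name__ == "__main__":
    print(effective_listeners(SAMPLE_CONFIG))
```

An empty listener list together with a non-empty ignored list corresponds to the rows marked "error" in the table, where every configured address was ruled out by the address family.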