SUMMARY: Tru64 5.1A, IPv6, openssh, and tcp_wrappers

From: Senn, Bruce (sennb@union.edu)
Date: Fri Oct 15 2004 - 16:11:25 EDT

• Next message: Barry Dzvova: "FDA APPR0VED PRESCRI1PTl0N MED||CATIONS."
• Previous message: Shah, Alay: "Samba support on Tru64 UNIX"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The answer is ... use the sshd runtime option -4. -4 Forces sshd to use
IPv4 addresses only.

sshd -4

Bruce.
------------------------------------------------------------------------

----
  Bruce J. Senn			Phone:  (518) 388-6664
  Senior System Manager	FAX:    (518) 388-6458
  Union College			E-mail:  sennb@union.edu
  Schenectady, NY 12308	WWW:  http://www1.union.edu/~sennb
------------------------------------------------------------------------
----
-----Original Message-----
From: tru64-unix-managers-owner@ornl.gov
[mailto:tru64-unix-managers-owner@ornl.gov] On Behalf Of Senn, Bruce
Sent: Friday, October 15, 2004 2:54 PM
To: tru64-unix-managers@ornl.gov
Subject: Tru64 5.1A, IPv6, openssh, and tcp_wrappers
I have upgraded our test server, an Alpha Personal Workstation 600au, to
Tru64 5.1A.  I am now having problems with ssh connections.  The first
error message is:
Oct 13 14:58:35 testsvr sshd[510671]: refused connect from 0.0.0.0
As a workaround I added 0.0.0.0 the hosts.allow.  Connections succeed
with the following entry in auth.log.
Oct 13 15:09:52 testsvr sshd[517969]: Accepted password for username
from ::ffff:149.106.nn.nn port 4498 ssh2
My theory is that sshd is getting the IPv6 address, interpreting some
part of it to be 0.0.0.0, and trying to validate that in hosts.allow.
This does not happen on my server running Tru64 4.0D.
Here is some additional version information.
Openssl	3.4.p1
Tcp_wrappers	7.6
Gcc		3.3.1
Gnu-make	3.8
There seem to be a couple of configuration options for ssh, namely
--with-ipv4-default and --with-4in6.  There also seems to be an IPv6
version of tcp_wrappers.  I'm not sure what in Tru64 5.1A is returning
the IPv6 address to ssh or if there is a way to change it.
Any thoughts or advice would be appreciated.
TIA.
Bruce.
------------------------------------------------------------------------
----
  Bruce J. Senn			Phone:  (518) 388-6664
  Senior System Manager	FAX:    (518) 388-6458
  Union College			E-mail:  sennb@union.edu
  Schenectady, NY 12308	WWW:  http://www1.union.edu/~sennb
------------------------------------------------------------------------
----

• Next message: Barry Dzvova: "FDA APPR0VED PRESCRI1PTl0N MED||CATIONS."
• Previous message: Shah, Alay: "Samba support on Tru64 UNIX"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:50:09 EDT