SSH should listen on IPv6 addresses as well

doccaz
Posts: 15
Joined: Fri May 22, 2020 10:07 pm

SSH should listen on IPv6 addresses as well

Post by doccaz »

My internal network is IPv6, and ADM advertises itself over mDNS/Avahi with the IPv6 address.

However, the SSHD running on ADM only listens at the IPv4 address. Could we please get it listening on the IPv6 interface as well?

This is really inconvenient, as I need to get into the ADM webui to get the IPv4 address every time.
father.mande
Posts: 1810
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: SSH should listen on IPv6 addresses as well

Post by father.mande »

Hi,
doccaz wrote:
> My internal network is IPv6, and ADM advertises itself over mDNS/Avahi with the IPv6 address.
> However, the SSHD running on ADM only listens at the IPv4 address. Could we please get it listening on the IPv6 interface as well?
> This is really inconvenient, as I need to get into the ADM webui to get the IPv4 address every time.

If I run /bin/netstat -lpt | grep sshd, the result shows that IPv4 AND IPv6 are listening for incoming connections ... can you verify?
... I changed my private port to 22 as default ... nothing other than the default conf. file.


/bin/netstat -lpt
...
tcp        0      0 0.0.0.0:22            0.0.0.0:*               LISTEN      1420/sshd [listener
...
tcp        0      0 :::22                 :::*                    LISTEN      1420/sshd [listener
...
The first line is for all IPv4.
The second line is for all IPv6.

If your version of ADM doesn't have netstat (I don't remember), use Entware APKG to add up to 2000+ packages including network tools ...

Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
doccaz
Posts: 15
Joined: Fri May 22, 2020 10:07 pm

Re: SSH should listen on IPv6 addresses as well

Post by doccaz »

Thanks for the reply.
Indeed it is listening on IPv6, but if I try to log in using the IPv6 address, I get:

kex_exchange_identification: read: Connection reset by peer

... and I'm disconnected. Nothing is logged in /var/log/messages.

It might be the fact that ADM Defender doesn't seem to support IPv6 addresses/subnets at all.
father.mande
Posts: 1810
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: SSH should listen on IPv6 addresses as well

Post by father.mande »

Hi,

If it's linked to ADM Defender ... open a ticket to the support

But did you try the standard TCP wrappers? In IPv6 we sometimes need to add the client address to /etc/hosts.allow (a known error in Fedora for ssh on IPv6, for example).

Try it; if by chance this works (no idea), you must add this at each boot. If I remember, /etc is partly rebuilt each time, and added files are not kept.

Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
Nazar78
Posts: 2002
Joined: Wed Jul 17, 2019 10:21 pm
Location: Singapore

Re: SSH should listen on IPv6 addresses as well

Post by Nazar78 »

The ADM SSHD was compiled in such a way that it doesn't support the syscall for setsockopt IPV6_TCLASS 16. Not sure why, I didn't really look into this, but you can ask Asustor Support because IPv6 works fine (even though the error exists) in chroot and LXC environments using the same kernel.

But if you really insist on IPv6, set up a tunnel or proxy. I have a dual stack IPv4/IPv6; most of my connections go through IPv6 while IPv4 is reserved for legacy usage like older IoT and stream cast.

I did mine in chroot but you can do it however you like, i.e. in docker, LXC, Entware or even a VM (with proper settings, but best to avoid a VM due to overheads).

Here are my nginx reverse proxy settings in chroot. I made it listen on port 22122 to avoid conflict with the default port, OR you can change the default port in ADM Services -> Terminal to 22122 then use 22 here. Then open up this port in my IPv6 firewall:


stream {
	upstream ssh {
		server localhost:22;
	}
	server {
		listen [::]:22122;
		proxy_pass    ssh;
	}
}
Edited: Think you should be able to modify the ADM built-in nginx by adding the above, and it should be persistent on reboots. Edit this file, /volume0/usr/builtin/etc/nginx/nginx.conf, add the above, then give the daemon a SIGHUP.

I usually ssh to my AAAA IPv6 DNS records domain name but here's a sample in plain IPv6:
Screenshot 2022-06-18 035847.png
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps

When posting, consider checking the box "Notify me when a reply is posted" to get faster response
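
An added diagnostic, not code from any post in this thread: netstat shows sshd bound to :::22, yet the IPv6 login is reset before key exchange, so "listening" and "handshake reachable" have to be checked separately. This Python sketch reads the SSH identification line per address family on the direct port and on the proxy port from the nginx example; the hostname `nas.local` and the function name are assumptions.

```python
import socket

def probe_ssh_banner(host, port=22, family=socket.AF_INET6, timeout=5.0):
    """Connect and read the SSH identification line.

    Returns (status, detail); status is one of banner, reset, closed,
    refused, timeout, error.
    """
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("error", f"no address in this family: {exc}")
    sockaddr = infos[0][4]  # keeps the scope id of link-local IPv6 addresses
    data = b""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect(sockaddr)
            # The server speaks first: "SSH-2.0-..." terminated by LF (RFC 4253).
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    return ("closed", "peer closed before sending a banner")
                data += chunk
    except ConnectionResetError:
        # What the client reports as "kex_exchange_identification: read:
        # Connection reset by peer": TCP connected, then the peer sent RST.
        return ("reset", "accepted, then reset before the banner")
    except ConnectionRefusedError:
        return ("refused", "connection refused on this address and port")
    except socket.timeout:
        return ("timeout", "no reply within the timeout")
    except OSError as exc:
        return ("error", str(exc))
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("error", f"unexpected first line: {line!r}")

if __name__ == "__main__":
    HOST = "nas.local"  # assumed hostname, replace with your NAS
    # 22 is the direct sshd port, 22122 the proxy port used in the thread.
    for port in (22, 22122):
        for name, fam in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
            print(port, name, *probe_ssh_banner(HOST, port, fam, 3.0))
```

A "reset" on IPv6 next to a "banner" on IPv4 for the same port reproduces the symptom described above without involving an SSH client or credentials.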