My internal network is IPv6, and ADM advertises itself over mDNS/Avahi with the IPv6 address.
However, the SSHD running on ADM only listens at the IPv4 address. Could we please get it listening on the IPv6 interface as well?
This is really inconvenient, as I need to get into the ADM webui to get the IPv4 address every time.
SSH should listen on IPv6 addresses as well
Moderator: Lillian.W@AST
-
- Posts: 15
- Joined: Fri May 22, 2020 10:07 pm
- father.mande
- Posts: 1810
- Joined: Sat Sep 12, 2015 2:55 am
- Location: La Rochelle (France)
Re: SSH should listen on IPv6 addresses as well
Hi,

doccaz wrote:
My internal network is IPv6, and ADM advertises itself over mDNS/Avahi with the IPv6 address.
However, the SSHD running on ADM only listens at the IPv4 address. Could we please get it listening on the IPv6 interface as well?
This is really inconvenient, as I need to get into the ADM webui to get the IPv4 address every time.

If I run /bin/netstat -lpt | grep sshd, the result shows that IPv4 AND IPv6 are listening for incoming connections ... can you verify?
... I change my private port to 22 as default ... nothing other to the default conf. file.
Code:
/bin/netstat -lpt
...
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1420/sshd [listener
...
tcp 0 0 :::22 :::* LISTEN 1420/sshd [listener
...
The first line is for all IPv4
The second line is for ALL IPv6
If your version of ADM doesn't have netstat (I don't remember), use Entware APKG to add up to 2000+ packages including network tools ...
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
-
- Posts: 15
- Joined: Fri May 22, 2020 10:07 pm
Re: SSH should listen on IPv6 addresses as well
Thanks for the reply.
Indeed it is listening on IPv6, but if I try to log in using the IPv6 address, I get:
kex_exchange_identification: read: Connection reset by peer
... and I'm disconnected. Nothing is logged in /var/log/messages.
It might be the fact that ADM Defender doesn't seem to support IPv6 addresses/subnets at all.
- father.mande
- Posts: 1810
- Joined: Sat Sep 12, 2015 2:55 am
- Location: La Rochelle (France)
Re: SSH should listen on IPv6 addresses as well
Hi,
If it's linked to ADM Defender ... open a ticket with support.
But did you try the standard TCP wrappers? In IPv6 we sometimes need to add the client address to /etc/hosts.allow (an error known in Fedora for ssh on IPv6, for example).
Try it; if by chance this works (no idea) you must add this at each boot. If I remember, part of /etc is rebuilt each time and added files are not kept.
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
- Nazar78
- Posts: 2002
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: SSH should listen on IPv6 addresses as well
The ADM SSHD was compiled in such a way that it doesn't support the syscall for setsockopt IPV6_TCLASS 16. Not sure why, I didn't really look into this, but you can ask Asustor Support, because IPv6 works fine (even though the error exists) in chroot and LXC environments using the same kernel.
But if you really insist on IPv6, set up a tunnel or proxy. I have a dual stack IPv4/IPv6; most of my connections go through IPv6 while IPv4 is reserved for legacy usage like older IoT and stream cast.
I did mine in chroot but you can do it however you like, i.e. in docker, LXC, Entware or even a VM (with proper settings, but best to avoid a VM due to overheads).
Here are my nginx reverse proxy settings in chroot. I made it listen on port 22122 to avoid conflict with the default port, OR you can change the default port in ADM Services -> Terminal to 22122 and then use 22 here; then open up this port in my IPv6 firewall:
Code:
stream {
    # Backend: the ADM sshd on its default port
    upstream ssh {
        server localhost:22;
    }
    # IPv6 listener that forwards raw TCP to the backend above
    server {
        listen [::]:22122;
        proxy_pass ssh;
    }
}
Edited: Think you should be able to modify the ADM built-in nginx by adding the above and it should be persistent across reboots. Edit this file /volume0/usr/builtin/etc/nginx/nginx.conf, add the above, then give the daemon a SIGHUP.
I usually ssh to my AAAA IPv6 DNS records domain name but here's a sample in plain IPv6:
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
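
An added example, not part of Nazar78's post or of ADM's own configuration: with a stream proxy in front, sshd sees every session as coming from the proxy's loopback address, so source-based controls and logs on the sshd side no longer identify the client, and filtering and logging have to happen in nginx instead. Assumptions: 2001:db8:1234::/48 is a documentation placeholder for your own LAN prefix, the log path, log format name and zone name are made up for illustration, and the upstream is pinned to the IPv4 loopback.

```nginx
stream {
    # Record the real client address for every proxied session;
    # sshd's own logs will only show the loopback source.
    log_format ssh_proxy '$time_iso8601 $remote_addr:$remote_port '
                         'status=$status in=$bytes_received '
                         'out=$bytes_sent dur=$session_time';
    access_log /var/log/nginx/ssh_proxy.log ssh_proxy;   # assumed path

    # Shared-memory zone used to cap concurrent sessions per client.
    limit_conn_zone $binary_remote_addr zone=ssh_per_ip:1m;

    upstream ssh {
        # Assumption: pin the IPv4 loopback so the proxy never reaches
        # sshd over IPv6, the path the thread reports as being reset.
        server 127.0.0.1:22;
    }

    server {
        listen [::]:22122;

        # Only the local IPv6 prefix may reach the proxy (placeholder).
        allow 2001:db8:1234::/48;
        deny  all;

        limit_conn ssh_per_ip 4;      # at most 4 parallel sessions per address
        proxy_connect_timeout 5s;     # fail fast if sshd is down
        proxy_pass ssh;
    }
}
```

Validate the file with nginx -t before sending the SIGHUP, and keep the firewall rule for port 22122 as narrow as the allow list.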