ssh3 icon indicating copy to clipboard operation
ssh3 copied to clipboard
verified publisher icon francoismichel

ssh3 bind only ipv6

Open vaminakov opened this issue 2 years ago • 4 comments

I'm running ssh3 with the following options (Arch Linux, go 1.21.5):

./ssh3-server -cert /etc/mycert/fullchain.pem -key /etc/mycert/privkey.pem -url-path /ssh3 -bind 0.0.0.0:444 -enable-password-login -v

But it's impossible to connect to server through ipv4 address. When I started debugging the problem, I realized that server is binding only ipv6:

~ # netstat -tulpan | grep 444 udp6 0 0 :::444 :::* 3510885/./ssh3-serv

Any other configuration changes (with -bind) were unsuccessful.

vaminakov avatar Dec 18 '23 13:12 vaminakov

Usually, binding to :: binds both address families, there must be something else going wrong.

starcraft66 avatar Dec 18 '23 17:12 starcraft66

Hmm, I cannot reproduce the problem, even on ipv4-only hosts, and I added an integration test for both ipv4 and ipv6.

Could you provide me with exact commands to reproduce the problem and client/server logs with both -v and the SSH3_LOG_LEVEL=debug environment variable set ?

Thanks !

francoismichel avatar Dec 18 '23 22:12 francoismichel

With debug:

10:49AM INF Server started, listening on 0.0.0.0:444/ssh3

~ # netstat -tulpan | grep 444 udp6 0 0 :::444 :::* 3748226/./ssh3-serv

10:50AM INF Server started, listening on [::]:444/ssh3

~ # netstat -tulpan | grep 444 udp6 0 0 :::444 :::* 3748327/./ssh3-serv

10:50AM INF Server started, listening on 127.0.0.1:444/ssh3

~ # netstat -tulpan | grep 444 udp 0 0 127.0.0.1:444 0.0.0.0:* 3748446/./ssh3-serv

So it listening ipv4 only when bind localhost in ipv4 (127.0.0.1). When binding 0.0.0.0, it still listening ipv6 only. Later i'll try to compile server with another environment and let you know about result.

vaminakov avatar Dec 19 '23 07:12 vaminakov

ssh3-server passes the -bind arg to quic-go, that itself interprets the address the same way as net.Dial.

When 0.0.0.0 is passed, then it listens on every IP of the system, including both IPv4 and IPv6 addresses. I checked on my Fedora system, netstat lists it as udp6 but the server responds requests towards both [::1]:444 and 127.0.0.1:444.

So there might be a wierd behaviour in Arch or something wrong on the ssh3 client instead of the server. Could you provide me the verbose output of the unsuccessful client connection ?

Thank you !

francoismichel avatar Dec 19 '23 17:12 francoismichel