@Michael Heimann yeah, the idea IS to have a workaround for ssh, and only for it (or some other server-software).
with tempaddr = 2 you have a dynamic and a static ip, and softwares are using the dynamic by default, if not configured otherwise. You can surf (more) anonymously, but your ssh-session uses the static ip, so the session does not die when the tempaddr is discarded. It should be a user decision to use the static ip, the default should be safe for the average user, which means that he's not exposed by a static ip. Server software will bind to all intefaces by default, so a http or ssh server will be reachable on the dynamic address (mostly useless for you) and the static address (useful). Client software which needs long sessions often can be configured to use a specific from-ip, as i showed you the manual for the ssh-client. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/176125 Title: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) Status in “network-manager” package in Ubuntu: Confirmed Status in “procps” package in Ubuntu: Confirmed Bug description: Binary package hint: procps Some background information: recently "Free ADSL", one of the biggest ISP in France, added IPv6 support possibly exposing 2.5 millions of users to IPv6 The address are configured automatically and by default linux will build it using the MAC address. However this presents a risk of privacy loss: - there is an unique identifier which can be used by website to track the location of a laptop or pda - some information about the model of the network card (other information can be probably derived if you know the serial number of the card) is leaked The following rfc (http://tools.ietf.org/html/draft-ietf-ipngwg-temp- addresses-v2-00) mitigitates this problems by introducing temporary addresses to be used by outgoing connection (in addition to the static address which can be used for incoming connection and have a dns name associated with it). To activate it under linux you just need to activate the following in sysctl: echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr or add "net.ipv6.conf.all.use_tempaddr=2" thanks for protecting the privacy of the clueless users by default :) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/176125/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
