[Bug 713002] Re: Impossible to disable IPv4
** Tags added: testcase -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/713002/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
This bug was fixed in the package openssh - 1:4.7p1-8ubuntu3 --- openssh (1:4.7p1-8ubuntu3) hardy-proposed; urgency=low * Merge 1:4.7p1-8ubuntu1.1 and 1:4.7p1-8ubuntu1.2 from hardy-security. openssh (1:4.7p1-8ubuntu2) hardy-proposed; urgency=low * Backport from upstream: - Only listen for IPv6 connections on AF_INET6 sockets (LP: #713002). -- Colin WatsonWed, 02 Mar 2011 10:53:07 + ** Changed in: openssh (Ubuntu Hardy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
ssh-vulnkey and ssh’ing out WFM too. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
** Tags added: verification-done ** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
new version in hardy-proposed 1:4.7p1-8ubuntu3 also works FINE. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
Accepted openssh into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Tags removed: verification-failed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
Should I test again? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
I've uploaded 1:4.7p1-8ubuntu3 now, which contains the changes from hardy-security. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
Whoops, thanks! I'll merge these back together. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
NACK on this update. Package currently in proposed is missing changes from 1:4.7p1-8ubuntu1.1 and 1:4.7p1-8ubuntu1.2. See bug #722505 ** Tags added: verification-failed ** Tags removed: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
** Tags added: verification-done ** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
Pakcage from hardy-proposed works FINE. Thanks. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
Accepted openssh into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Changed in: openssh (Ubuntu Hardy) Status: Triaged => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
Thanks for testing! I've uploaded this change to hardy-proposed; it's currently waiting for approval. Once it's published there (you'll be notified by way of a comment in this bug), it would be helpful if you could validate that that version also works, so that it can be promoted to hardy-updates. ** Description changed: + Stable release update justification: + + Impact: IPv4 access to IPv6-only OpenSSH servers cannot be disabled in Ubuntu 8.04 LTS. On systems where IPv4 connectivity is present but IPv6 is primary (which is currently fairly rare, but seems likely to become much more common over the remaining lifetime of 8.04) this will have confusing effects on access control. + Development branch: Fixed upstream for OpenSSH 4.9p1 (http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/5290). + Patch: See "Development branch" - the patch applies cleanly. + TEST CASE: Either of the two sshd_config options in the original report below should disable IPv4 access (test with 'ssh -4') and leave IPv6 access intact (test with 'ssh -6'). + Regression potential: The most likely problem is a socket that becomes IPv6-only but was somehow important for IPv4 access. I suggest testing that IPv4 access remains unimpaired, and in particular I think it would be worth testing X forwarding. + + Original report: + Last week I changed our infrastructure so that our ~20 Ubuntu boxes can only be managed with SSH via IPv6. To do this I added "ListenAddress ::1" to sshd_config. This seems to work fine on our 10.04LTS boxes (OpenSSH_5.3p1 Debian-3ubuntu), but this configuration does not work on our 8.04LTS boxes: they are still reachable via IPv4. - The same thing goes for "AddressFamiliy inet6", that options works on + The same thing goes for "AddressFamily inet6", that options works on 10.04, but not on 8.04. Classified as security bug, although I realise that probably not many are affected by this. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
Confirmed, the patched version works as expected, both options actually work! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
Fixed in newer releases, as you say. I suspect that this may be the upstream commit responsible for fixing it, which would mean that it was fixed in OpenSSH 4.9p1: http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/5290 I've applied this patch to version 1:4.7p1-8ubuntu2~ppa1 in this archive: https://launchpad.net/~cjwatson/+archive/openssh Could you please try it out and report whether it fixes this problem? ** Changed in: openssh (Ubuntu) Status: New => Fix Released ** Changed in: openssh (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: openssh (Ubuntu Hardy) Status: New => Triaged ** Changed in: openssh (Ubuntu Hardy) Assignee: (unassigned) => Colin Watson (cjwatson) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
** Also affects: openssh (Ubuntu Hardy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 713002] Re: Impossible to disable IPv4
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs