I have a server that I can connect via SSH over IPv4 address. Now I want to SSH over IPv6.
I'm sure that my server is assigned with a valid IPv6 address, and I've configured sshd to listen on v6 address (I set it to [::]:311), but when I run (on my laptop)
ssh -v -6 -p 311 PUBLIC_V6_IP -l same_user_as_v4 -i ~/.ssh/id_rsa
I got the following output:
OpenSSH_5.8p2, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /home/winus/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to PUBLIC_V6_IP [PUBLIC_V6_IP] port 311.
debug1: connect to address PUBLIC_V6_IP port 311: Permission denied
ssh: connect to host PUBLIC_V6_IP port 311: Permission denied
Some extra info:
- My laptop is running Arch Linux, while my server is Ubuntu Server 10.10
- sshd -V on the server shows
OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010
- ssh -V on my laptop shows
OpenSSH_5.8p2, OpenSSL 1.0.0d 8 Feb 2011
- ssh -6 ::1 on my laptop is OK.
- ping6 PUBLIC_V6_IP is OK.
- ssh -6 ::1 -p 311 on the server is OK.
- ssh -6 PUBLIC_V6_IP -p 311 on the server is also OK.
Best Answer
Possible causes could be:
Local firewall (
ip6tables
)External firewall on your network (according to some sources, ICMPv6 "Administratively prohibited" error message is interpreted by Linux as EACCESS)
AppArmor, SELinux, Smack (although neither of them is on by default on Arch)
Things you could try:
reset ip6tables rules
connect to the server using other programs (
socat stdio tcp:[2604:....]:311
) and see if they return the same message; test with both same and different portsping6
,traceroute6
, and see if any hop returns "Administratively prohibited" or any other error