How to ssh to an IPv6 Ubuntu in a LAN?

62

20

I'm able to ping my Ubuntu box via this command (where c2h2ttt is listed in /etc/hosts):

c2h2@c2h2crawler:~/ttt$ ping6 -I eth1 c2h2ttt
PING c2h2ttt(c2h2ttt) from fe80::21b:21ff:fe22:e865 eth1: 56 data bytes
64 bytes from c2h2ttt: icmp_seq=1 ttl=64 time=10.3 ms
64 bytes from c2h2ttt: icmp_seq=2 ttl=64 time=2.06 ms
64 bytes from c2h2ttt: icmp_seq=3 ttl=64 time=1.33 ms

And when I try ssh -6 c2h2ttt it shows:

c2h2@c2h2crawler:~/ttt$ ssh -6 c2h2ttt
ssh: connect to host c2h2ttt port 22: Invalid argument

What's the correct command?


On the server side /etc/ssh/sshd_config has:

ListenAddress ::
ListenAddress 0.0.0.0

I was able to ssh to c2h2ttt via IPv4 on port 22, and netstat -lnt | grep :22 shows:

root@c2h2think:~# netstat -lnt | grep :22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN

ufw is used and it's allowing any inbound traffic on port 22:

root@c2h2think:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere

And the iptables configuration:

root@c2h2think:~# ip6tables -L -v -n
Chain INPUT (policy DROP 55 packets, 10758 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      lo     *       ::/0                 ::/0        

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0  

c2h2

Posted 2011-01-24T04:30:13.283

Reputation: 1 863

You might need to edit your sshd.conf file and/or restart sshd so it realizes there are new v6 addresses to listen on. – None – 2011-01-24T04:49:53.813

Check what netstat -lnt | grep :22 (open listening numeric tcp sockets | containing :22) says. – ephemient – 2011-01-24T05:22:13.557

You did open port 22 with ip6tables... right? – Ignacio Vazquez-Abrams – 2011-01-24T05:42:13.073

One second, I'll check ip6tables – c2h2 – 2011-01-24T05:48:14.567

Answers

95

Try specifying the interface to the ssh client. The ping6 utility allows you to specify an interface, however ssh does not have a switch for that, you have to use this syntax:

ssh -6 fe80::21b:21ff:fe22:e865%eth1

John T

Posted 2011-01-24T04:30:13.283

Reputation: 149 037

Tried that, worked for me, too! Why does one have to specify the interface? – Max Beikirch – 2015-02-28T21:05:27.757

@MaxBeikirch because EVERY fully operational network interface will have an fe80: address. So, the system does not know which interface to send the traffic to. This is a traffic routing issue. For other addresses, the system often makes intelligent choices because the computer assigns routes to "nearby" addresses (meaning addresses in the same subnet), but that doesn't work with fe80: since all network interfaces are part of the same subnet. – TOOGAM – 2015-08-17T22:28:59.610

@TOOGAM How can I specify the interface postfix for a host in ~/.ssh/config? – PVitt – 2016-06-05T16:14:09.097

@PVitt: The usual way is to specify a system identifier (such as an IP address), and then tack on a percent sign, and then an interface name, as demonstrated by the answer which tacked on %eth1 to the end of the IPv6 address. eth1 was the interface identifier. If that doesn't work, check the man page for OpenSSH's file named config, and if that doesn't help, consider making a new question (on SuperUser) with more precise details so we can help you further. – TOOGAM – 2016-06-05T21:10:36.480

Does it have to be an IP address, or would the host name also work? E.g. ssh -6 c2h2ttt%eth1 – Dmitry Grigoryev – 2017-05-31T14:55:15.187

%eth1 will be needed only for link-local IPv6 addresses – Ramana Reddy – 2017-11-10T11:18:08.350

Wow, it works, thanks! Just because of the eth1 problem – c2h2 – 2011-01-24T07:24:37.423
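The ambiguity discussed in this answer and its comments, as an added Python example that is not part of the original thread: a link-local literal without a zone yields one possible ssh destination per interface, while a zoned or non-link-local address yields exactly one. The function names and the `ip -6 -o addr show` sample are constructed for illustration.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Constructed sample of `ip -6 -o addr show` output on a two-NIC client.
SAMPLE_IP_OUTPUT = """\
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \\       valid_lft forever preferred_lft forever
3: eth1    inet6 fd12:3456:789a:1::10/64 scope global \\       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::a00:27ff:fe9c:11b2/64 scope link \\       valid_lft forever preferred_lft forever
"""


def link_local_interfaces(ip_output):
    """Interfaces that carry an fe80::/10 address, i.e. the possible zones."""
    zones = []
    for line in ip_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet6\s+([0-9a-fA-F:]+)/\d+", line)
        if not m:
            continue
        name, addr = m.group(1), ipaddress.IPv6Address(m.group(2))
        if addr in LINK_LOCAL and name not in zones:
            zones.append(name)
    return zones


def ssh_destinations(target, ip_output):
    """Return the destination strings ssh could be given for `target`.

    A link-local literal without a zone gives one candidate per interface,
    because the address alone does not identify the outgoing link.
    """
    host, _, zone = target.partition("%")
    try:
        addr = ipaddress.IPv6Address(host)
    except ValueError:
        return [target]             # host name or IPv4: passed through untouched
    if addr not in LINK_LOCAL:
        return [str(addr)]          # ULA/global: the routing table picks the link
    if zone:
        return [f"{addr}%{zone}"]   # already unambiguous, as in the answer
    return [f"{addr}%{ifc}" for ifc in link_local_interfaces(ip_output)]


if __name__ == "__main__":
    for dest in ssh_destinations("fe80::21b:21ff:fe22:e865", SAMPLE_IP_OUTPUT):
        print("ssh -6", dest)
```
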

9

Link local addresses aren't supposed to be used for SSH, they're for low-level protocol bootstrapping stuff. If you don't have an ISP-provided prefix to use on your network, then generate a unique-local prefix from fd00::/8 instead:

http://en.wikipedia.org/wiki/Unique_local_address

Paul

Posted 2011-01-24T04:30:13.283

Reputation: 99

// , How does one access an IPV6 address that is routable in the global IPv6 Internet, though? – Nathan Basanese – 2015-07-02T08:29:20.887

@NathanBasanese: Your ISP has to provide you with IPv6 service or you set up a tunnel with one of the IPv6 brokers, like Hurricane Electric – Radu C – 2015-07-07T17:19:36.747

Link local addresses are network addresses. If you want to use them for SSH, go ahead. Just know how to handle any complication(s), like what this question and John T's answer discuss. I've had a case where a ULA (fd00::/8) did not get assigned as hoped. In that case, SSH using a link-local (fe80::/16) worked great. I avoid link-local only because of the hassle of dealing with the routing (needing to specify an interface), but not because the addresses are technically any less capable of sending or receiving traffic. – TOOGAM – 2015-08-17T22:32:31.293

2

To connect via SSH over IPv6 you must have IPv6 ISP connectivity on your computer, and then try:

root@hostname[~]# ssh -6 2205:f200:40:401::9ab4:8b43

The first time, this command will ask you to confirm the SSH key; then type Y/Yes.

Note: 2205:f200:40:401::9ab4:8b43 stands for your IPv6 address. This is only an example IPv6 address, so don't forget to replace it with your own.

Shiv Singh

Posted 2011-01-24T04:30:13.283

Reputation: 121