From owner-freebsd-security  Tue Feb 20 17:45:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97])
	by hub.freebsd.org (Postfix) with ESMTP id 6D5CD37B491
	for <security@FreeBSD.ORG>; Tue, 20 Feb 2001 17:45:12 -0800 (PST)
	(envelope-from itojun@itojun.org)
Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1])
	by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id KAA28395;
	Wed, 21 Feb 2001 10:44:33 +0900 (JST)
To: "Peter C. Lai" <sirmoo@cowbert.2y.net>
Cc: "Thomas Cannon" <tcannon@noops.org>,
	"Geoffrey T. Falk" <gtf@cirp.org>, security@FreeBSD.ORG
In-reply-to: sirmoo's message of Tue, 20 Feb 2001 20:40:47 EST.
      <000d01c09ba7$50558700$1e9e6389@137.99.156.23>
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD  90 5F B4 60 79 54 16 E2
Subject: Re: IPv6 risk with ssh?
From: itojun@iijlab.net
Date: Wed, 21 Feb 2001 10:44:33 +0900
Message-ID: <28392.982719873@coconut.itojun.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>iirc ssh's ipv46 is ipv6 translation to ipv4 via the faith device. can
>someone comment on this? (i could be wrong).

	no.  the "tcp46" line is for sshd listening to AF_INET6 wildcard socket,
	which may grab both IPv4/v6 traffic (if you run fstat, you will see it
	more clearer).  if you would like to disable the AF_INET6 listening
	socket by sshd, have the following line in /etc/sshd_config:

	ListenAddress 0.0.0.0

	or "sshd -4" should do it.

itojun

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message