Date: Wed, 10 Feb 2021 14:04:30 -0600 From: Doug McIntyre <merlyn@geeks.org> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Permission denied via ssh over ipv6 Message-ID: <YCQ8TqfTDDHGctZs@geeks.org> In-Reply-To: <CAPDFJPj5Hfbnym0Ry5w-d2COw2RaUBift5nem0wkvdAC%2B4qXnQ@mail.gmail.com> References: <CAPDFJPjF19_9kRG0ff5r0cmD=-GpnYjdZNaCTyJEj-Bogw0qEw@mail.gmail.com> <YCNsdWk019SBpLdg@geeks.org> <CAPDFJPjL8EdVfeH43=35cLxRGyE388JYY9qD5JB=gsdwhTh6ag@mail.gmail.com> <65d54e7c-9d2c-ec74-1c1c-b0d87bfed6c1@yuripv.dev> <CAPDFJPj5Hfbnym0Ry5w-d2COw2RaUBift5nem0wkvdAC%2B4qXnQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
And nothing interesting is logged into `/var/log/auth.log` ? Interesting. I can tell you that ssh works from 12.2 systems to other 12.2 systems over IPv6 for me. All my systems do have proper reverse-forward-reverse IPv6 DNS setup though. I don't know what the behavior is if it lacks reverse DNS in IPv6, but if there is a reverse that doesn't match a forward, then SSH will kick you out. You could always run a local nameserver that is authoritative for your IPv6 reverses as a test, but thats a large uptaking. On Wed, Feb 10, 2021 at 05:13:16PM +0800, PstreeM China wrote: > my fault. > the system i mentioned in the original question "FreeBSD 12.2" is the ssh > server. > for this case, the system which i used as the client is also FreeBSD 12.2. > > test from other host(from different network ) as the client to ssh to the " > 2607:f130::6287", it's the same issue. > test from the localhost (the host config the ipv6 address as 2607:f130::628 > ), use the command: %ssh myuser@2607:f130::628, it's work well. > > I don't know what is the problem, how to fix. > > BR//Ming > > > > On Wed, Feb 10, 2021 at 4:47 PM Yuri Pankov <yuripv@yuripv.dev> wrote: > > > PstreeM China wrote: > > > hi: > > > > > > thanks for your quickly reply. > > > ssh -vvv log as below, we can see the connection has already established, > > > but after input the password, it's not work.. > > > i'am sure the password is right, try modify the passwd has the same > > issue. > > > > > > about the DNS PTRs, how should i do ? the source is my home pc, not have > > > DNS domain. > > > > > > -------------------------------- > > > rpi% ssh myuser@2607:f130::6287 -vvv > > > OpenSSH_7.9p1, OpenSSL 1.1.1h-freebsd 22 Sep 2020 > > [...] > > > debug1: Local version string SSH-2.0-OpenSSH_7.9 FreeBSD-20200214 > > > debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 > > [...] > > > Permission denied, please try again. > > > myuser@2607:f130::6287's password: > > > > From your original question it's not clear whether FreeBSD 12.2 system > > is the client or server, and given the above I'm guessing it's the > > former as remote version doesn't say "FreeBSD" and is otherwise > > outdated; correct? > > > > Also, are you able to connect to 2607:f130::6287 from any other host to > > make sure it's correct address to use and is accepting v6 connections? > > > > > On Wed, Feb 10, 2021 at 1:18 PM Doug McIntyre <merlyn@geeks.org> wrote: > > > > > >> On Wed, Feb 10, 2021 at 11:47:08AM +0800, PstreeM China wrote: > > >>> Very thanks, this problem has searched from google, but not find the > > >>> solution to fix this issue. > > >>> > > >>> new install FreeBSD in virtual machine. > > >>> Freebsd version is 12.2 > > >>> Duel stack support ipv4 and ipv6; enable sshd as default. > > >>> I can ping the ipv4 and ipv6 address. > > >>> > > >>> The problem is: > > >>> SSH over ipv4 is work well. > > >>> But ssh over ipv6, Can be connected, but after input the password, it > > is > > >>> failed , give the notify : permission denied. > > >>> can not log into the server. > > >>> I am sure the password is right. > > >> > > >> > > >> Have you run 'ssh -vvv' to see all the very verbose debug information? > > >> > > >> Do you have proper DNS PTRs setup for your IPv6 block? It could be > > >> blocked by mismatch reverse DNS. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YCQ8TqfTDDHGctZs>