Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Dev
ProxyJump does not accept IPv6 for the intermediate host?
adam.kalisz at gmail
Mar 13, 2024, 4:19 AM
Post #1 of 4 (70 views)
Permalink
Hello,

it seems I cannot use:

$ ssh -J root@2a01:4f8:1c1e:528d::1 root@west-coast
Invalid -J argument

(The west-coast is stored on the jump host in between in /etc/hosts.)

$ ssh -J root@167.235.141.44 root@west-coast

Works as expected. Also

$ ssh root@2a01:4f8:1c1e:528d::1

does work as expected. I do have native IPv6.

This is on Debian 12 Bookworm:
$ ssh -V
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023

The workaround seems to be to define the host used in ProxyJump in
~/.ssh/config then it works with IPv6 too.

Yes, I known I should use IPv6 with DNS which is not the point here.

What have I overlooked?

Thank you for any help.

Adam Kalisz
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: ProxyJump does not accept IPv6 for the intermediate host? [ In reply to ]
b.laessig at pengutronix
Mar 13, 2024, 4:31 AM
Post #2 of 4 (70 views)
Permalink
On Wed, 2024-03-13 at 12:19 +0100, Adam Kalisz wrote:
> Hello,
>
> it seems I cannot use:
>
> $ ssh -J root@2a01:4f8:1c1e:528d::1 root@west-coast
> Invalid -J argument
>
$ ssh -J root@[2a01:4f8:1c1e:528d::1] root@west-coast

would work for me.

greeting
Björn



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: ProxyJump does not accept IPv6 for the intermediate host? [ In reply to ]
stu at spacehopper
Mar 13, 2024, 4:36 AM
Post #3 of 4 (70 views)
Permalink
On 2024/03/13 12:19, Adam Kalisz wrote:
> Hello,
>
> it seems I cannot use:
>
> $ ssh -J root@2a01:4f8:1c1e:528d::1 root@west-coast
> Invalid -J argument
>
> (The west-coast is stored on the jump host in between in /etc/hosts.)
>
> $ ssh -J root@167.235.141.44 root@west-coast
>
> Works as expected. Also
>
> $ ssh root@2a01:4f8:1c1e:528d::1
>
> does work as expected. I do have native IPv6.
>
> This is on Debian 12 Bookworm:
> $ ssh -V
> OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
>
> The workaround seems to be to define the host used in ProxyJump in
> ~/.ssh/config then it works with IPv6 too.
>
> Yes, I known I should use IPv6 with DNS which is not the point here.
>
> What have I overlooked?

$ ssh -J root@[2a01:4f8:1c1e:528d::1] root@west-coast
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: ProxyJump does not accept IPv6 for the intermediate host? [ In reply to ]
adam.kalisz at gmail
Mar 13, 2024, 6:48 AM
Post #4 of 4 (70 views)
Permalink
On Wed, 2024-03-13 at 11:41 +0000, Job Snijders wrote:
> On Wed, Mar 13, 2024 at 12:19:24PM +0100, Adam Kalisz wrote:
> > it seems I cannot use:
> >
> > $ ssh -J root@2a01:4f8:1c1e:528d::1 root@west-coast
> > Invalid -J argument
>
> Try this:
>
>     $ ssh -J root@[2a01:4f8:1c1e:528d::1] root@west-coast

Thank you all for helping with the syntax.

> Literal IPv6 addresses should be enclosed in square brackets, to
> avoid
> ambiguity between a colon-delimited port number and an IPv6 address.
>
> Perhaps the -J documentation should point that out more explicitly?
>
> Index: ssh.1
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/ssh.1,v
> diff -u -p -r1.438 ssh.1
> --- ssh.1       11 Oct 2023 23:14:33 -0000      1.438
> +++ ssh.1       13 Mar 2024 11:37:57 -0000
> @@ -331,6 +331,7 @@ connection to the jump host described by
>  and then establishing a TCP forwarding to the ultimate destination
> from
>  there.
>  Multiple jump hops may be specified separated by comma characters.
> +IPv6 addresses can be specified by enclosing the address in square
> brackets.
>  This is a shortcut to specify a
>  .Cm ProxyJump
>  configuration directive.

This would be helpful! It should probably be noted that this syntax is
only valid in the -J/ ProxyJump context. Because:

$ ssh root@[2a01:4f8:1c1e:528d::1]
ssh: Could not resolve hostname [2a01:4ff:1f0:e68b::1]:: Name or service not known

does not work.

Thank you all for the prompt help!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal