I've been trying to setup ssh exclusively over IPV6 but have run in to a few issues. These are the steps I'm following, theoretically this should just work. Which is why I'm baffled at this point. I researched a few guides going back to version 10.3 and the process seems to be as follows. However when I attempt to ssh in using my IPV6 addy I get this message... "ssh: connect to host port 22: Host is down" port 22 is clearly not down so I'm not sure what that even means. If I disable IPFW then I can log in but the interesting thing is IPFW is configured to accept ssh on port 22! I'm not sure if this is some sort of bug in 11 or if something has changed but I haven't been able to determine why IPFW is behaving differently from 10.3 to 11!
1./etc/ssh/sshd_config
2. /usr/local/etc/IPFW.rules
3.
4.
the last step isn't my literal ssh login info I wouldn't post that for obvious reasons but I've made an inactive IPV6 address for clarification. which is ssh fedora@2001:0db8:85a3:0000:0000:8a2e:0370:7334 | again this address is only an example IPV6 address and is not active.
1./etc/ssh/sshd_config
Code:
Port 22
AddressFamily inet6
ListenAddress ::
AllowUsers username
2. /usr/local/etc/IPFW.rules
Code:
# allow outbound SSH traffic
$cmd 00280 allow tcp from any to any dst-port 22 out via $vif setup keep-state
# SSHguard puts offender addresses in table 22. Set up the table rule
# Please note the '\(22\)' syntax, necessary since it's run as shell command
$cmd 01000 deny ip from table\(22\) to any
# allow inbound ssh, mail. PROTECTED SERVICES: numbered ABOVE sshguard blacklist range
$cmd 56420 allow tcp from any to me dst-port 22 in via $vif setup limit src-addr 2
sysctl net.inet6.ip6.fw.enable=1
4.
ssh username@ipv6_address
the last step isn't my literal ssh login info I wouldn't post that for obvious reasons but I've made an inactive IPV6 address for clarification. which is ssh fedora@2001:0db8:85a3:0000:0000:8a2e:0370:7334 | again this address is only an example IPV6 address and is not active.