Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Feb 2021 14:04:30 -0600
From:      Doug McIntyre <merlyn@geeks.org>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Permission denied via ssh over ipv6
Message-ID:  <YCQ8TqfTDDHGctZs@geeks.org>
In-Reply-To: <CAPDFJPj5Hfbnym0Ry5w-d2COw2RaUBift5nem0wkvdAC+4qXnQ@mail.gmail.com>
References:  <CAPDFJPjF19_9kRG0ff5r0cmD=-GpnYjdZNaCTyJEj-Bogw0qEw@mail.gmail.com> <YCNsdWk019SBpLdg@geeks.org> <CAPDFJPjL8EdVfeH43=35cLxRGyE388JYY9qD5JB=gsdwhTh6ag@mail.gmail.com> <65d54e7c-9d2c-ec74-1c1c-b0d87bfed6c1@yuripv.dev> <CAPDFJPj5Hfbnym0Ry5w-d2COw2RaUBift5nem0wkvdAC+4qXnQ@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
And nothing interesting is logged into `/var/log/auth.log` ?
Interesting.
I can tell you that ssh works from 12.2 systems to other 12.2 systems over IPv6 for me.

All my systems do have proper reverse-forward-reverse IPv6 DNS setup though.

I don't know what the behavior is if it lacks reverse DNS in IPv6, but
if there is a reverse that doesn't match a forward, then SSH will kick you out.
You could always run a local nameserver that is authoritative for your IPv6 reverses as
a test, but thats a large uptaking.



On Wed, Feb 10, 2021 at 05:13:16PM +0800, PstreeM China wrote:
> my fault.
> the system i mentioned in the original question "FreeBSD 12.2" is the ssh
> server.
> for this case, the system which i used as the client is also FreeBSD 12.2.
> 
> test from other host(from different network ) as the client to ssh to the "
> 2607:f130::6287", it's the same issue.
> test from the localhost (the host config the ipv6 address as 2607:f130::628
> ), use the command: %ssh  myuser@2607:f130::628,  it's work well.
> 
> I don't know what is the problem, how to fix.
> 
> BR//Ming
> 
> 
> 
> On Wed, Feb 10, 2021 at 4:47 PM Yuri Pankov <yuripv@yuripv.dev> wrote:
> 
> > PstreeM China wrote:
> > > hi:
> > >
> > > thanks for your quickly reply.
> > > ssh -vvv log as below, we can see the connection has already established,
> > > but after input the password, it's not work..
> > > i'am sure the password is right, try modify the passwd has the same
> > issue.
> > >
> > > about the DNS PTRs, how should i do ? the source is my home pc, not have
> > > DNS domain.
> > >
> > > --------------------------------
> > > rpi% ssh myuser@2607:f130::6287 -vvv
> > > OpenSSH_7.9p1, OpenSSL 1.1.1h-freebsd  22 Sep 2020
> > [...]
> > > debug1: Local version string SSH-2.0-OpenSSH_7.9 FreeBSD-20200214
> > > debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
> > [...]
> > > Permission denied, please try again.
> > > myuser@2607:f130::6287's password:
> >
> >  From your original question it's not clear whether FreeBSD 12.2 system
> > is the client or server, and given the above I'm guessing it's the
> > former as remote version doesn't say "FreeBSD" and is otherwise
> > outdated; correct?
> >
> > Also, are you able to connect to 2607:f130::6287 from any other host to
> > make sure it's correct address to use and is accepting v6 connections?
> >
> > > On Wed, Feb 10, 2021 at 1:18 PM Doug McIntyre <merlyn@geeks.org> wrote:
> > >
> > >> On Wed, Feb 10, 2021 at 11:47:08AM +0800, PstreeM China wrote:
> > >>> Very thanks, this problem has searched from google, but not find the
> > >>> solution to fix this issue.
> > >>>
> > >>> new install FreeBSD in virtual machine.
> > >>> Freebsd version is 12.2
> > >>> Duel stack support ipv4 and ipv6; enable sshd as default.
> > >>> I can ping the ipv4 and ipv6 address.
> > >>>
> > >>> The problem is:
> > >>> SSH over ipv4 is work well.
> > >>> But ssh over ipv6, Can be connected, but after input the password, it
> > is
> > >>> failed , give the notify : permission denied.
> > >>> can not log into the server.
> > >>> I am sure the password is right.
> > >>
> > >>
> > >> Have you run 'ssh -vvv' to see all the very verbose debug information?
> > >>
> > >> Do you have proper DNS PTRs setup for your IPv6 block? It could be
> > >> blocked by mismatch reverse DNS.
> >



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?YCQ8TqfTDDHGctZs>