Re: IPv6 temporary address and SSH

[Wolfgang Solfrank <Wolfgang%Solfrank.net@localhost>]

Hi,

>      > I don't understand what you mean at all.  Do the servers have permanent
>      > addresses in DNS?  What do you need to change, and why?  Is this about
>      > outgoing source addr selection on such machines/
>
> I wondered the same thing; I think it must mean to avoid temporary addresses
> for the local side.  Is there a programmatic way to state that requirement to
> the kernel?   If so, it's news to me.  There ought to be though.

Yes, there is.  Actually even more than one.  Unfortunately,
AFAICT all of them are undocumented.

There doesn't even exist any documentation for the
sysctl knob net.inet6.ip6.prefer_tempaddr, which allows a
system wide specification for this.   Albeit, that one can
probably considered superfluous, as if you don't want to
use temporary addresses system wide, you can esaily just
avoid configuring any of them.

One way to disable the use of temporary addresses in one
application would be to walk the addresses returned by
getiaddrs(3) and look in the ifa_addrflags for the flag
IN6_IFF_TEMPORARY.  Then you would bind the socket
to an address with or without that flag.  You'll be able to
see how this works, when my patch is ready, as this
approach is neccessary for the case where BindInterface
is specified in the ssh_config.

But there is an even simpler way if you want to select/
avoid any temporary address:   You can setsockopt(2)
the IPV6_PREFER_TEMPADDR on the socket to either
IP6PO_TEMPADDR_PREFER or IP6PO_TEMPADDR_NOTPREFER.

Ciao,
Wolfgang
--
Wolfgang%Solfrank.net@localhost				Wolfgang Solfrank