Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED ssh to IPv6 address on non default port

Discussion in 'General Discussion' started by kernow, Feb 25, 2017.

Tags:
  1. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    907
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Have this problem on several servers we run. I can ssh to a remote servers IPv4 address successfully on the default port 22 and any other port I change the remote servers ssh port to.
    I can successfully ssh to the remote servers IPv6 address but only if its on port 22, if I change the ssh port on the remote server to another port, restart sshd, then try to connect the connection hangs before timing out. No error messages. Disabling the firewall makes no difference.
    I am of course using the p switch eg: ssh -pxxx user@IPv6 address.
    Also tried with ssh -6 -pxxx user@IPv6 address.
    Any ideas what up?
     
  2. NOC_Serverpoint

    NOC_Serverpoint Well-Known Member

    Joined:
    Jul 3, 2016
    Messages:
    102
    Likes Received:
    6
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Hi,

    The IPv6 Firewall script helps you manage your IPv6 firewall. Any user with root privileges can run the IPv6 Firewall script. Run this script if either of the following statements are true:
    You do not need to manage your IPv6 firewall rules with any other tools or utilities.
    You are unable to connect to your IPv6 addresses or IPv6 enabled websites on port 80.
    Run the /usr/local/cpanel/scripts/configure_rh_ipv6_firewall_for_cpanel script to perform the following actions:
    Open port 22 for SSH
    Open port 53 for DNS
    Open port 80 for HTTP
    Note:
    The rules that the IPv6 firewall script creates are persistent, and they remain active even if you reboot the server.

    So please open the port using the following script.

    Article:

    Enable IPv6 - 11.46 Documentation - cPanel Documentation

    Thanks,
     
  3. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    907
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Thanks, I have read that info already. But as I already said it works OK on port 22 . Everything else works including our IPv6 websites and IPv6 nameservers.
    We use use CSF so we shouldn't need to run the cpanel IPv6 script.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Does the issue persist if you remove this server's entry from your local known_hosts file?

    Thank you.
     
  5. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    907
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Yes, sadly it does.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know what "ListenAddress" entries are added to the /etc/ssh/sshd_config file on this system?

    Thank you.
     
  7. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    907
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    No specific addresses are assigned so its just the defaults:
    Code:
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  9. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    907
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    ticket # 8273427
    Eventually fixed by:
    1) add the remote ssh server port to connecting server CSF: Allow outgoing IPv6 TCP ports
    2) Put the IPV6 addr enclosed in square brackets in the hosts.allow file. Example:
    sshd : [2801:db8:2:1::] : allow
    3) Add full IPv6 range /64 to CSF allow.
    Note, none of the above needed when remote server uses default ssh port 22
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm happy to see the issue was addressed. Thank you for updating us with the outcome.
     
Loading...

Share This Page