Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED ssh to IPv6 address on non default port

Discussion in 'General Discussion' started by kernow, Feb 25, 2017.

Tags:
  1. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Have this problem on several servers we run. I can ssh to a remote servers IPv4 address successfully on the default port 22 and any other port I change the remote servers ssh port to.
    I can successfully ssh to the remote servers IPv6 address but only if its on port 22, if I change the ssh port on the remote server to another port, restart sshd, then try to connect the connection hangs before timing out. No error messages. Disabling the firewall makes no difference.
    I am of course using the p switch eg: ssh -pxxx user@IPv6 address.
    Also tried with ssh -6 -pxxx user@IPv6 address.
    Any ideas what up?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 kernow, Feb 25, 2017
  2. NOC_Serverpoint

    NOC_Serverpoint Well-Known Member

    Joined:
    Jul 3, 2016
    Messages:
    102
    Likes Received:
    6
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Hi,

    The IPv6 Firewall script helps you manage your IPv6 firewall. Any user with root privileges can run the IPv6 Firewall script. Run this script if either of the following statements are true:
    You do not need to manage your IPv6 firewall rules with any other tools or utilities.
    You are unable to connect to your IPv6 addresses or IPv6 enabled websites on port 80.
    Run the /usr/local/cpanel/scripts/configure_rh_ipv6_firewall_for_cpanel script to perform the following actions:
    Open port 22 for SSH
    Open port 53 for DNS
    Open port 80 for HTTP
    Note:
    The rules that the IPv6 firewall script creates are persistent, and they remain active even if you reboot the server.

    So please open the port using the following script.

    Article:

    Enable IPv6 - 11.46 Documentation - cPanel Documentation

    Thanks,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 NOC_Serverpoint, Feb 26, 2017
  3. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Thanks, I have read that info already. But as I already said it works OK on port 22 . Everything else works including our IPv6 websites and IPv6 nameservers.
    We use use CSF so we shouldn't need to run the cpanel IPv6 script.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 kernow, Feb 26, 2017
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,884
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Does the issue persist if you remove this server's entry from your local known_hosts file?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Feb 27, 2017
  5. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Yes, sadly it does.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 kernow, Feb 27, 2017
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,884
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you let us know what "ListenAddress" entries are added to the /etc/ssh/sshd_config file on this system?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelMichael, Feb 28, 2017
  7. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    No specific addresses are assigned so its just the defaults:
    Code:
    #AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 kernow, Feb 28, 2017
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,884
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelMichael, Feb 28, 2017
  9. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    ticket # 8273427
    Eventually fixed by:
    1) add the remote ssh server port to connecting server CSF: Allow outgoing IPv6 TCP ports
    2) Put the IPV6 addr enclosed in square brackets in the hosts.allow file. Example:
    sshd : [2801:db8:2:1::] : allow
    3) Add full IPv6 range /64 to CSF allow.
    Note, none of the above needed when remote server uses default ssh port 22
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 kernow, Mar 3, 2017
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,884
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    I'm happy to see the issue was addressed. Thank you for updating us with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 cPanelMichael, Mar 3, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - IPv6 address default
  1. rangka_kacang

    SOLVED Assign IPv6 Address / IPv6 Ranges issues

    rangka_kacang, Feb 1, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    9
    Views:
    712
    cPanelMichael
    Feb 12, 2018
  2. tmcstom

    SOLVED Internal error: invalid IPv6 address

    tmcstom, Sep 6, 2017, in forum: E-mail Discussion
    Replies:
    8
    Views:
    1,173
    Phurx
    Nov 23, 2017
  3. amin alnasra

    SOLVED IPv6 Addresses in DNS zones after transfer

    amin alnasra, Aug 5, 2017, in forum: Bind/DNS/Nameserver
    Replies:
    2
    Views:
    481
    cPanelMichael
    Apr 23, 2018
  4. stoneage

    RBLs - unable to whitelist ipv6 addresses

    stoneage, Jun 15, 2017, in forum: E-mail Discussion
    Replies:
    3
    Views:
    692
    stoneage
    Jul 6, 2017
  5. ramorse

    Getting IPV6 Addresses

    ramorse, May 26, 2017, in forum: Bind/DNS/Nameserver
    Replies:
    1
    Views:
    461
    Infopro
    May 26, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice