Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED ssh to IPv6 address on non default port

Discussion in 'General Discussion' started by kernow, Feb 25, 2017.

Tags:
  1. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Have this problem on several servers we run. I can ssh to a remote servers IPv4 address successfully on the default port 22 and any other port I change the remote servers ssh port to.
    I can successfully ssh to the remote servers IPv6 address but only if its on port 22, if I change the ssh port on the remote server to another port, restart sshd, then try to connect the connection hangs before timing out. No error messages. Disabling the firewall makes no difference.
    I am of course using the p switch eg: ssh -pxxx user@IPv6 address.
    Also tried with ssh -6 -pxxx user@IPv6 address.
    Any ideas what up?
     
    #1 kernow, Feb 25, 2017
  2. NOC_Serverpoint

    NOC_Serverpoint Well-Known Member

    Joined:
    Jul 3, 2016
    Messages:
    102
    Likes Received:
    6
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Hi,

    The IPv6 Firewall script helps you manage your IPv6 firewall. Any user with root privileges can run the IPv6 Firewall script. Run this script if either of the following statements are true:
    You do not need to manage your IPv6 firewall rules with any other tools or utilities.
    You are unable to connect to your IPv6 addresses or IPv6 enabled websites on port 80.
    Run the /usr/local/cpanel/scripts/configure_rh_ipv6_firewall_for_cpanel script to perform the following actions:
    Open port 22 for SSH
    Open port 53 for DNS
    Open port 80 for HTTP
    Note:
    The rules that the IPv6 firewall script creates are persistent, and they remain active even if you reboot the server.

    So please open the port using the following script.

    Article:

    Enable IPv6 - 11.46 Documentation - cPanel Documentation

    Thanks,
     
    #2 NOC_Serverpoint, Feb 26, 2017
  3. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Thanks, I have read that info already. But as I already said it works OK on port 22 . Everything else works including our IPv6 websites and IPv6 nameservers.
    We use use CSF so we shouldn't need to run the cpanel IPv6 script.
     
    #3 kernow, Feb 26, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,276
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Does the issue persist if you remove this server's entry from your local known_hosts file?

    Thank you.
     
    #4 cPanelMichael, Feb 27, 2017
  5. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Yes, sadly it does.
     
    #5 kernow, Feb 27, 2017
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,276
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know what "ListenAddress" entries are added to the /etc/ssh/sshd_config file on this system?

    Thank you.
     
    #6 cPanelMichael, Feb 28, 2017
  7. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    No specific addresses are assigned so its just the defaults:
    Code:
    #AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
     
    #7 kernow, Feb 28, 2017
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,276
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    #8 cPanelMichael, Feb 28, 2017
  9. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    920
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    ticket # 8273427
    Eventually fixed by:
    1) add the remote ssh server port to connecting server CSF: Allow outgoing IPv6 TCP ports
    2) Put the IPV6 addr enclosed in square brackets in the hosts.allow file. Example:
    sshd : [2801:db8:2:1::] : allow
    3) Add full IPv6 range /64 to CSF allow.
    Note, none of the above needed when remote server uses default ssh port 22
     
    #9 kernow, Mar 3, 2017
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,276
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm happy to see the issue was addressed. Thank you for updating us with the outcome.
     
    #10 cPanelMichael, Mar 3, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - IPv6 address default
  1. rangka_kacang

    SOLVED Assign IPv6 Address / IPv6 Ranges issues

    rangka_kacang, Feb 1, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    9
    Views:
    455
    cPanelMichael
    Feb 12, 2018
  2. tmcstom

    SOLVED Internal error: invalid IPv6 address

    tmcstom, Sep 6, 2017, in forum: E-mail Discussion
    Replies:
    8
    Views:
    1,037
    Phurx
    Nov 23, 2017
  3. amin alnasra

    IPv6 Addresses in DNS zones after transfer

    amin alnasra, Aug 5, 2017, in forum: Bind/DNS/Nameserver
    Replies:
    2
    Views:
    402
    cPanelMichael
    Apr 23, 2018
  4. stoneage

    RBLs - unable to whitelist ipv6 addresses

    stoneage, Jun 15, 2017, in forum: E-mail Discussion
    Replies:
    3
    Views:
    584
    stoneage
    Jul 6, 2017
  5. ramorse

    Getting IPV6 Addresses

    ramorse, May 26, 2017, in forum: Bind/DNS/Nameserver
    Replies:
    1
    Views:
    403
    Infopro
    May 26, 2017

Share This Page