SOLVED ssh to IPv6 address on non default port

[kernow]

Have this problem on several servers we run. I can ssh to a remote servers IPv4 address successfully on the default port 22 and any other port I change the remote servers ssh port to.
I can successfully ssh to the remote servers IPv6 address but only if its on port 22, if I change the ssh port on the remote server to another port, restart sshd, then try to connect the connection hangs before timing out. No error messages. Disabling the firewall makes no difference.
I am of course using the p switch eg: ssh -pxxx [email protected] address.
Also tried with ssh -6 -pxxx [email protected] address.
Any ideas what up?

 

[NOC_Serverpoint]

Hi,

The IPv6 Firewall script helps you manage your IPv6 firewall. Any user with root privileges can run the IPv6 Firewall script. Run this script if either of the following statements are true:
You do not need to manage your IPv6 firewall rules with any other tools or utilities.
You are unable to connect to your IPv6 addresses or IPv6 enabled websites on port 80.
Run the /usr/local/cpanel/scripts/configure_rh_ipv6_firewall_for_cpanel script to perform the following actions:
Open port 22 for SSH
Open port 53 for DNS
Open port 80 for HTTP
Note:
The rules that the IPv6 firewall script creates are persistent, and they remain active even if you reboot the server.

So please open the port using the following script.

Article:

Enable IPv6 - 11.46 Documentation - cPanel Documentation

Thanks,

 

[kernow]

Thanks, I have read that info already. But as I already said it works OK on port 22 . Everything else works including our IPv6 websites and IPv6 nameservers.
We use use CSF so we shouldn't need to run the cpanel IPv6 script.

 

[cPanelMichael]

Hello,

Does the issue persist if you remove this server's entry from your local known_hosts file?

Thank you.

 

[kernow]

Yes, sadly it does.

 

[cPanelMichael]

Hello,

Could you let us know what "ListenAddress" entries are added to the /etc/ssh/sshd_config file on this system?

Thank you.

 

[kernow]

No specific addresses are assigned so its just the defaults:

#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

 

[cPanelMichael]

Hello,

Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[kernow]

ticket # 8273427
Eventually fixed by:
1) add the remote ssh server port to connecting server CSF: Allow outgoing IPv6 TCP ports
2) Put the IPV6 addr enclosed in square brackets in the hosts.allow file. Example:
sshd : [2801:db8:2:1::] : allow
3) Add full IPv6 range /64 to CSF allow.
Note, none of the above needed when remote server uses default ssh port 22

 

[cPanelMichael]

Hello,

I'm happy to see the issue was addressed. Thank you for updating us with the outcome.