Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sshd: fix startWhenNeeded and listenAddresses combination for ipv6 #56340

Closed
wants to merge 1 commit into from

Conversation

@uvNikita
Copy link
Contributor

uvNikita commented Feb 25, 2019

Motivation for this change

This is a continuation of #56326, @vcunat made a good comment regarding ipv6 support: #56326 (comment)

systemd.socket ListenSteam option requires ipv6 address to be enclosed
in brackets, see https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=.

In this implementation, I just check for colon in IP address string, which is not perfect but I'm not sure we need a full ipv6 regex for this purpose either.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

systemd.socket ListenSteam option requires ipv6 address to be enclosed
in brackets, see https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=.
@uvNikita uvNikita requested a review from Infinisil as a code owner Feb 25, 2019
@uvNikita

This comment has been minimized.

Copy link
Contributor Author

uvNikita commented Feb 25, 2019

@uvNikita

This comment has been minimized.

Copy link
Contributor Author

uvNikita commented Feb 25, 2019

Hmm, according to https://linux.die.net/man/5/sshd_config, ListenAddress parameter in sshd understands [ipv6]:port notation as well, so I'm not sure if we need to patch this.

@lheckemann

This comment has been minimized.

Copy link
Member

lheckemann commented Feb 25, 2019

Yeah, if I understand correctly, passing addr = "::1" wouldn't actually have worked anyway, and this change here would break addr = "[::1]".

@uvNikita

This comment has been minimized.

Copy link
Contributor Author

uvNikita commented Feb 25, 2019

yeah, you are right. Closing this one then.

@uvNikita uvNikita closed this Feb 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.