Could the issue be that the ssh response is on ipv4, not on ipv6 as expected?
-T On Fri, Sep 9, 2022, 10:34 Paul Heinlein <heinl...@madboa.com> wrote: > On Fri, 9 Sep 2022, Russell Senior wrote: > > > I'm seeing bizarre behavior: host A initiates an ssh -6 to host B; host B > > is a qemu-kvm guest of a kvm host, C. Tcpdump (on the initiating host A > > shows A -> B TCP SYN packet, and a B -> A TCP SYN-ACK reply, but host A > > apparently doesn't recognize it as valid (although, in wireshark they > look > > reasonable to an eyeball), because the connect syscall never returns > (until > > it times out), and the A -> B ACK handshake is never sent. Works fine for > > ssh -4. If A and C are the same host, I see the same behavior. Another > > wrinkle: if A is also a kvm guest of C, I don't see the SYN-ACK, just the > > SYN. The kvm clients are connected via a network bridge on C, e.g. "brctl > > show" sees N+1 real ethernet interfaces eth0, ... ethN, and the M+1 > > virtual interfaces associated with the kvm guests: vnet0 ... vnetM. There > > are no netfilter rules to be seen on any of the hosts involved. > > > > Oh, and A can ping6 B, and vice versa, just fine. I'm only seeing this > > weirdness with TCP. > > > > Anybody have any thoughts? This is violating my expectations. > > That is weird. Weirder still is the fact that I can duplicate those > symptoms on my Mac that's hosting a Linux VM using the UTM hypervisor. > ssh -6 fails but ping6 succeeds. > > -- > Paul Heinlein > heinl...@madboa.com > 45°22'48" N, 122°35'36" W >