Thanks for testing! I've uploaded this change to hardy-proposed; it's currently waiting for approval. Once it's published there (you'll be notified by way of a comment in this bug), it would be helpful if you could validate that that version also works, so that it can be promoted to hardy-updates.
** Description changed: + Stable release update justification: + + Impact: IPv4 access to IPv6-only OpenSSH servers cannot be disabled in Ubuntu 8.04 LTS. On systems where IPv4 connectivity is present but IPv6 is primary (which is currently fairly rare, but seems likely to become much more common over the remaining lifetime of 8.04) this will have confusing effects on access control. + Development branch: Fixed upstream for OpenSSH 4.9p1 (http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/5290). + Patch: See "Development branch" - the patch applies cleanly. + TEST CASE: Either of the two sshd_config options in the original report below should disable IPv4 access (test with 'ssh -4') and leave IPv6 access intact (test with 'ssh -6'). + Regression potential: The most likely problem is a socket that becomes IPv6-only but was somehow important for IPv4 access. I suggest testing that IPv4 access remains unimpaired, and in particular I think it would be worth testing X forwarding. + + Original report: + Last week I changed our infrastructure so that our ~20 Ubuntu boxes can only be managed with SSH via IPv6. To do this I added "ListenAddress ::1" to sshd_config. This seems to work fine on our 10.04LTS boxes (OpenSSH_5.3p1 Debian-3ubuntu), but this configuration does not work on our 8.04LTS boxes: they are still reachable via IPv4. - The same thing goes for "AddressFamiliy inet6", that options works on + The same thing goes for "AddressFamily inet6", that options works on 10.04, but not on 8.04. Classified as security bug, although I realise that probably not many are affected by this. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. https://bugs.launchpad.net/bugs/713002 Title: Impossible to disable IPv4 -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
