Format of ipv6 address in hosts.allow for sshd
man page host.allow: An expression of the form '[n:n:n:n:n:n:n:n]/m' is interpreted as a '[net]/prefixlen' pair. An IPv6 host address is matched if 'prefixlen' bits of 'net' is equal to the 'prefixlen' bits of the address. For example, the [net]/prefixlen pattern '[3ffe:505:2:1::]/64' matches every address in the range '3ffe:505:2:1::' through '3ffe:505:2:1:ffff:ffff:ffff:ffff'.
To use IPv6 addresses you must enclose them in []'s. Examples of valid IPv6 addresses:
ALL : [fe80::%fxp0]/10 : allow
ALL : [fe80::]/10 : deny
ALL : [2001:db8:2:1:2:3:4:3fe1] : deny
ALL : [2001:db8:2:1::]/64 : allow
Basically I added a space after the last ipv4 address followed by the user's address inside square brackets followed by /64 but that doesn't work
All examples I saw had the IPv6 on a different line.
Related videos on Youtube
jamespa
Updated on September 18, 2022Comments
-
jamespa over 1 year
I'm trying to allow access to a user via ssh who has an IPv6 address. I want to assign the address in the hosts.allow file I have other users with IPv4 addresses working fine but it seems I have a syntax problem with the IPv6 address.
Can someone suggest the correct format I tried
xxx.yyy.zzz.123 [wwww:xxxx:yyyy:zzzz:aaaa:bbbb:cccc:dddd]/64
.Basically I added a space after the last ipv4 address followed by the user's address inside square brackets followed by /64 but that doesn't work. Any helpful suggestion much appreciated.