Unable to close SSHD on IPv6 TCP port


Solution 1

According to this

The way to enable ipv6 for SSHD is to write a line in your /etc/ssh/sshd_config that says ListenAddress ::

So I would do the reverse, edit your /etc/ssh/sshd_config file and delete that line.

So your file would have looked like

    ListenAddress 0.0.0.0
    ListenAddress ::

Now you simply want it to say

    ListenAddress 0.0.0.0

-=EDIT=-

Another way to disable ipv6 is apparently listed on this post:

  1. Open a terminal and type the following command (if you don't use Gedit, replace it with your text editor such as Kate, etc).

    sudo gedit /etc/default/grub

  2. And search for this:

    GRUB_CMDLINE_LINUX

    Modify it so it looks like this:

    GRUB_CMDLINE_LINUX="ipv6.disable=1"

  3. Update the GRUB:

    sudo update-grub2
    or
    sudo update-grub

    depending on which version of Grub you are using.

Solution 2

I've hit this page before discovering an answer here: https://unix.stackexchange.com/a/126793/353061

Reposting: By default sshd uses ipv4 and ipv6. You can configure the protocol sshd uses through the AddressFamily directive in /etc/ssh/sshd_config

For ipv4 & ipv6 (default)

    AddressFamily any

For ipv4 only

    AddressFamily inet

For ipv6 only

    AddressFamily inet6

After you make any changes to sshd_config restart sshd for the changes to take effect.

In addition here is how you can do it in sed:

    sed -i 's/^#AddressFamily any/AddressFamily inet/' /etc/ssh/sshd_config

And restart sshd:

    systemctl restart sshd
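
The sed substitution above only fires when the file contains the exact line `#AddressFamily any`; if the directive is already active or missing, nothing changes. The script below is an added example, not part of either answer: it sets AddressFamily idempotently and places it ahead of any Match block, where a global option has to sit. The function names and the sample file are hypothetical, and it assumes whitespace-separated `Keyword value` lines in a single file.

```shell
#!/bin/sh
# Added example, not from the answers. Assumes whitespace-separated
# "Keyword value" lines, as in the stock sshd_config.

# Print the address family sshd would use: the first active AddressFamily
# line wins; with none present the built-in default "any" applies.
effective_address_family() {
    awk 'tolower($1) == "addressfamily" { print tolower($2); found = 1; exit }
         END { if (!found) print "any" }' "$1"
}

# set_address_family FILE any|inet|inet6
# Replaces the first AddressFamily line (active or "#AddressFamily"),
# drops later duplicates, and if the keyword is absent inserts it before
# the first Match block, because AddressFamily is a global-only option.
set_address_family() {
    file=$1 fam=$2
    case $fam in
        any|inet|inet6) ;;
        *) echo "unsupported family: $fam" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v fam="$fam" '
        function emit() { if (!done) { print "AddressFamily " fam; done = 1 } }
        { key = tolower($1) }
        key == "addressfamily" || key == "#addressfamily" { emit(); next }
        key == "match" { emit() }
        { print }
        END { emit() }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Constructed sample: stock-style file where every relevant line is commented.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#AddressFamily any' '#ListenAddress 0.0.0.0' \
    '#ListenAddress ::' 'Match User backup' '    X11Forwarding no' > "$sample"
echo "before: $(effective_address_family "$sample")"
set_address_family "$sample" inet
echo "after:  $(effective_address_family "$sample")"
rm -f "$sample"
```

Run `sshd -t` against the edited file before restarting, so a syntax error does not take the daemon down on a remote host.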
Author by

mudasirahanger


Updated on September 18, 2022

Comments

  • mudasirahanger
    mudasirahanger over 1 year

    I'm running Ubuntu 10.4 and I've tried disabling IPv6 as I don't currently need it. I ran the following to disable IPv6 and then rebooted my server:

    echo "#disable ipv6" | sudo tee -a /etc/sysctl.conf
    echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
    echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
    echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
    

    After the reboot I can see that IPv6 is disabled by running:

    cat /proc/sys/net/ipv6/conf/all/disable_ipv6
    

    On running netstat -antlp I see that most of the IPv6 applications have closed but SSHd keeps running:

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:9090            0.0.0.0:*               LISTEN      663/java
    tcp        0      0 0.0.0.0:9091            0.0.0.0:*               LISTEN      663/java
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      684/apache2
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      513/sshd
    tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      605/postgres
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      684/apache2
    tcp6       0      0 :::22                   :::*                    LISTEN      513/sshd
    

    How can I close the SSH daemon on port 22 of the IPv6?

    Thanks.

  • mudasirahanger
    mudasirahanger over 12 years
    Hi Mokubai. Both of those lines in my /etc/ssh/sshd_config seem to be commented out by default. Do I simply uncomment the ListenAddress 0.0.0.0 and restart the SSHd?
  • Mokubai
    Mokubai over 12 years
    I would certainly try that first, it may be that without either of those lines present (i.e. both are commented out) then it defaults to a "built-in" config with both ipv4 and ipv6 enabled.
  • mudasirahanger
    mudasirahanger over 12 years
    Uncommenting that line did it, it seems. Yay! Thank you.
  • WiringHarness
    WiringHarness over 9 years
    I realize this is an old post, but users may still be coming here. The commented out lines in the config file are defaults, so if you "simply uncomment" a line but don't change it in any other way, nothing is going to change.