Ask Your Question
0

Computing support over internet with SSH and IPV6

asked 2014-04-26 03:51:42 -0500

remjg gravatar image

updated 2014-09-28 12:03:50 -0500

mether gravatar image

Hi,

I want to be able to do some computing support over the internet with people from my family. This is something completely new to me, but it would be very convenient.

To do so, I have enabled remote login in the Sharing section of the GNOME settings. The internet provider of the remote computer will use IPv6 (well I configured it so).

I have a few questions since I must be sure before giving back the computer that this will work well. If needed I can ask them separately.

1. How to find the remote computer IPv6 address?

My guess is that I have to use the second inet6 line that I found with the ifconfig command:

$ ifconfig
...
wlp18s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.11  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::1e65:9eff:fe67:c44b  prefixlen 64  scopeid 0x20<link>
        inet6 2a01:e35:8a23:6a0:1e65:9eff:fe67:c44b  prefixlen 64  scopeid 0x0<global>
...

2. How to connect to the remote computer using SSH?

Using the IPv6 address I might have found with the previous question, I was thinking of using the following command:

ssh root@2a01:e35:8a23:6a0:1e65:9eff:fe67:c44b

It works when both computers are on a local network but I want to be sure.

3. Should I configure the remote computer router if it is truly using IPv6?

Well, I have very little knowledge on that matter.

4. Is it dangerous for an average user to have his firewall disabled?

In order for the user to be able to watch TV on his computer (see question 44951), I have no other solution than disabling the firewall. So here I don't need to configure it for SSH.

Do you think it is high risk for an average user (mail, surf, very basic stuffs)?

edit retag flag offensive close merge delete

Comments

ssh root@2a01:e35:8a23:6a0:1e65:9eff:fe67:c44b

What? Nononono. Never ever allow SSH as root.

QuLogic gravatar imageQuLogic ( 2014-04-27 18:50:22 -0500 )edit

You mean that sudo is better? The only use case of this SSH access is to be able to "repair" a broken system (rollback an update for example).

remjg gravatar imageremjg ( 2014-05-04 03:34:32 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2014-04-29 01:39:22 -0500

  1. You're right. Look at the IPv6 address on the user's WAN-facing interface with the "global" scope. This is the address route-able globally. You can also check using iproute (which is usually preferred to the now-obsolete ifconfig):
    ip -f inet6 addr show dev wlp18s0 scope global
    This narrows your search to global IPv6 addresses on interface wlp18s0 only.
  2. Enclose the IPv6 address in brackets, e.g. ssh login@[2a01:e35:8a23:6a0:1e65:9eff:fe67:c44b]. Again, as @QuLogic pointed out, don't use root. It is even advised to turn off remote root-login completely in sshd config file /etc/ssh/sshd_config:
    PermitRootLogin no
  3. If it is "truly" using IPv6, you don't have to configure the router. Then again, the router or ISP may perform funny things like firewalling, etc.. so I'm not really sure.
  4. I think so, especially if you're using SSH. If you have to disable firewall to use some app, there's a high chance that the firewall implementation/config, or the app, is broken.
edit flag offensive delete link more

Comments

Thanks for all the details, I will have a look at iproute. For the application, I have reported the issue but It will not be solved any time soon.

remjg gravatar imageremjg ( 2014-05-04 03:45:33 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2014-04-26 03:51:42 -0500

Seen: 751 times

Last updated: Apr 29 '14