On 2019-08-10 07:18 AM, gumb wrote:
I don't know much about ssh, networking and so on, just enough to have got ssh working on ipv4 between various machines both on my LAN and remotely. Now I'm wanting to try and convert everything to ipv6, since my home ISP has switched to ipv6 by default and in theory it should be simpler overall, but info when googling is limited and outdated. I've had some success already but need more info.
1) I don't fully understand how ipv6 addresses get dished out. I can see, having now set up connections on three machines on my LAN, that one address seems to be the permanent one, chosen automatically for connections, although with one PC it initially chose a different address and settled on that other one later. After looking at info in <ip a> on two machines, the address that I suppose to be the 'main' or permanent one has different things appended. On my old laptop the main one has a /128 suffix followed by 'scope global dynamic'. On my new laptop it has a /64 suffix followed by 'scope global mngtmpaddr noprefixroute dynamic'. Does 'mngtmpaddr' imply it's only temporary?
With IPv6, there is something called privacy addresses. These are based on a random number and you get a new one every day, with old ones falling off after a week. You should also have one permanent address, which can be based on the MAC address or a random number. This is the address you'd use when trying to connect to that computer. The privacy addresses are used for outgoing connections. There will also be a link local address, which starts with fe80. The link local address is typically used for things like router advertisements, default gateway and more, but generally you don't use them for connecting to a computer. A /64 means you're on a LAN, with the first 64 bits corresponding to the network prefix and the other 64 bits identifying the device on the LAN. A /128 is used to identify a device and is used when connecting, but you can't connect directly to it. Traffic is actually routed to it, from another address. This is common on routers. If you have a point to point connection, you would have a /127 address.
2) The machine I administer remotely in another country is connected to an ISP that provides a dynamic IP, which has caused me headaches trying to find a method of automatically obtaining the new address each time it changes. If I change over to an ipv6 connection, will they still issue a dynamic address? (I don't know if the dynamic IP is a means to conserving limited ipv4 addresses or if it serves other purposes).
With IPv6, you'd normally have a consistent network prefix. This means you'd use the permanent address as your target, to configure DNS for etc. You would not use the privacy addresses for this.
3) I can ssh within my LAN using the link-local address in the console, though I find it much faster and preferable to use a graphical interface and can't find how to make Dolphin accept this address in the 'Network Folder Wizard' dialog. It must need the interface specifying but no matter how I write out the string (%eth0, square brackets, quotes, backslash escapes, etc.) it doesn't accept it.
That is not the intended purpose of a link local address as you also have to provide the interface ID to use it.
4) If I ssh to another machine on the LAN but using the aforementioned 'global' main address, does this go outside of my LAN, i.e. if I'm only using PAM authentication is there a risk of this being intercepted?
If it's on the LAN, it does not go through the router. This is exactly the same as with IPv4. When a device has a packet to send, it compares its own address, the destination address and the prefix or subnet mask, to determine if the destination is on the local LAN. If it is, it uses neighbor solicitation on IPv6 or ARP on IPv4, to obtain the MAC address to send the packet to. If it determines the destination is elsewhere, it sends the packet to the router, using the router's MAC address.
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
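The points made in the reply above (which `ip a` entry is the stable address versus a rotating privacy address, why the fe80:: address needs an interface name, and how a host decides between neighbor solicitation and the router) can be checked against the output of `ip -6 addr`. The following is an added example written for this page, not code from either poster or from openSUSE. It parses constructed `ip -6 addr` lines (not captured from the poster's machines; the 2001:db8::/32 prefix is the documentation range) and applies the same on-link test the kernel uses. One fact worth stating because the question asked about it: in iproute2 output the `mngtmpaddr` flag marks the stable SLAAC address from which the kernel manages temporary addresses; the privacy addresses themselves carry the `temporary` flag, so `mngtmpaddr` does not mean the address is temporary.

```python
"""Classify IPv6 addresses from `ip -6 addr` output and replay the on-link
decision a host makes before sending a packet.

Added example for this mailing-list page; not code from the posters.
SAMPLE_IP_ADDR is constructed, using the 2001:db8::/32 documentation prefix.
"""
import ipaddress
import re

# Constructed `ip -6 addr show eth0` output: one privacy address, one stable
# SLAAC address (mngtmpaddr), one link-local address.
SAMPLE_IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1234:5678:a1b2:c3d4:e5f6:1a2b/64 scope global temporary dynamic
       valid_lft 604799sec preferred_lft 86399sec
    inet6 2001:db8:1234:5678:1234:56ff:fe78:9abc/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 2591999sec preferred_lft 604799sec
    inet6 fe80::1234:56ff:fe78:9abc/64 scope link
       valid_lft forever preferred_lft forever
"""

# address/prefix, scope keyword, then any flags (temporary, mngtmpaddr, ...)
INET6_RE = re.compile(r"^\s*inet6\s+(\S+)\s+scope\s+(\S+)(.*)$")


def parse_ip_addr(text):
    """Return one dict per inet6 line: interface object, scope and flag set."""
    entries = []
    for line in text.splitlines():
        m = INET6_RE.match(line)
        if not m:
            continue
        entries.append({
            "iface": ipaddress.IPv6Interface(m.group(1)),
            "scope": m.group(2),
            "flags": set(m.group(3).split()),
        })
    return entries


def classify(entry):
    """Label an address following the roles described in the reply."""
    addr = entry["iface"].ip
    if addr.is_link_local:                      # fe80::/10
        return "link-local (reachable only as addr%ifname on this link)"
    if "temporary" in entry["flags"]:           # privacy address, rotates daily
        return "privacy address (used for outgoing connections)"
    if "mngtmpaddr" in entry["flags"] or entry["scope"] == "global":
        return "stable address (the one to put in DNS / use for ssh)"
    return "other"


def stable_address(entries):
    """The address you would use as an ssh target, or None if there is none."""
    for e in entries:
        if classify(e).startswith("stable"):
            return e["iface"].ip
    return None


def next_hop(own_iface, destination):
    """Replay the on-link check: same prefix -> neighbor solicitation on the
    LAN; anything else -> hand the packet to the router.  A /128 address has a
    one-address 'network', so every other destination is off-link, which is
    the 'traffic is routed to it' case from the reply."""
    dest = ipaddress.IPv6Address(destination)
    if dest.is_link_local:
        return "neighbor solicitation (link-local never leaves the LAN)"
    if dest in own_iface.network:
        return "neighbor solicitation (on-link)"
    return "router (off-link)"


if __name__ == "__main__":
    entries = parse_ip_addr(SAMPLE_IP_ADDR)
    for e in entries:
        print(f"{e['iface']!s:50} {classify(e)}")
    own = entries[1]["iface"]
    print("stable:", stable_address(entries))
    print("2001:db8:1234:5678::42 ->", next_hop(own, "2001:db8:1234:5678::42"))
    print("2001:db8:ffff::1       ->", next_hop(own, "2001:db8:ffff::1"))
```

Run it against real output with `ip -6 addr show eth0 | python3 this_script.py`-style piping after swapping `SAMPLE_IP_ADDR` for `sys.stdin.read()`; the classification is purely textual, so it does not need root. For the link-local case in question 3, OpenSSH itself accepts the scope suffix on the command line (`ssh user@fe80::1234:56ff:fe78:9abc%eth0`); whether a given GUI file manager passes that string through untouched is not something this example can tell you.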