On 10/08/2019 13.18, gumb wrote:
I don't know much about ssh, networking and so on, just enough to have got ssh working on ipv4 between various machines both on my LAN and remotely. Now I'm wanting to try and convert everything to ipv6, since my home ISP has switched to ipv6 by default and in theory it should be simpler overall, but info when googling is limited and outdated. I've had some success already but need more info.
1) I don't fully understand how ipv6 addresses get dished out. I can see, having now set up connections on three machines on my LAN, that one address seems to be the permanent one, chosen automatically for connections, although with one PC it initially chose a different address and settled on that other one later. After looking at info in <ip a> on two machines, the address that I suppose to be the 'main' or permanent one has different things appended. On my old laptop the main one has a /128 suffix followed by 'scope global dynamic'. On my new laptop it has a /64 suffix followed by 'scope global mngtmpaddr noprefixroute dynamic'. Does 'mngtmpaddr' imply it's only temporary?
So Say We All: I do not know :-p
2) The machine I administer remotely in another country is connected to an ISP that provides a dynamic IP, which has caused me headaches trying to find a method of automatically obtaining the new address each time it changes. If I change over to an ipv6 connection, will they still issue a dynamic address? (I don't know if the dynamic IP is a means to conserving limited ipv4 addresses or if it serves other purposes).
There is another problem: if you are on IPv6 only then AFAIK you can not connect to it, you need an IPv4. Or a tunnel provider or something. Hopefully your provider gives you both addresses.

An easy way is having the other machine mail you, automatically or manually, but not using a webmail system. You use the command "mail", which can be used in a script, either on its own, or using postfix as an intermediary. I think trying to use Thunderbird for this is not a good idea.

Basically, you have a cronjob that obtains the current external IP, compares it with the IP obtained the previous run, and if different, sends an email to you, then saves it on a file. You can also phone and ask him to read aloud that file to you.

This IP can also be used to configure a server on Internet that offers free or paid Dynamic DNS hosting. I.e., a DNS server out there that stores that IP, and points some name you invent to it. Possibly his router supports directly some such service, and if you use this you don't need any scripting, the router will do it - as long as the router is not reset to factory defaults or replaced, so having the mail setup as a backup is probably a good idea.
3) I can ssh within my LAN using the link-local address in the console, though I find it much faster and preferable to use a graphical interface and can't find how to make Dolphin accept this address in the 'Network Folder Wizard' dialog. It must need the interface specifying but no matter how I write out the string (%eth0, square brackets, quotes, backslash escapes, etc.) it doesn't accept it.
No, the link local address (starts with fe80:) is basically useless.

You can ping it by number:

cer@Telcontar:~> ping -c 2 fe80::4ecc:6aff:fe61:50a1%eth0
PING fe80::4ecc:6aff:fe61:50a1%eth0(fe80::4ecc:6aff:fe61:50a1%eth0) 56 data bytes
64 bytes from fe80::4ecc:6aff:fe61:50a1%eth0: icmp_seq=1 ttl=64 time=0.343 ms
64 bytes from fe80::4ecc:6aff:fe61:50a1%eth0: icmp_seq=2 ttl=64 time=0.381 ms

--- fe80::4ecc:6aff:fe61:50a1%eth0 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
rtt min/avg/max/mdev = 0.343/0.362/0.381/0.019 ms
cer@Telcontar:~>

You can ssh to it by number:

cer@Telcontar:~> ssh fe80::4ecc:6aff:fe61:50a1%eth0
The authenticity of host 'fe80::4ecc:6aff:fe61:50a1%eth0 (fe80::4ecc:6aff:fe61:50a1%eth0)' can't be established.
ECDSA key fingerprint is SHA256:ILybaOsrdw95ufuc4st0K1V6QyLT8ZWwBCJQVZfzwNk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'fe80::4ecc:6aff:fe61:50a1%eth0' (ECDSA) to the list of known hosts.
Last login: Thu Aug 8 14:23:09 2019 from 192.168.1.14
Have a lot of fun...
cer@Isengard:~>

But you can not do it by name, because it needs the interface:

cer@Isengard:~> grep fe80 /etc/hosts
fe80::21e:bff:fe08:4ccb bilbo6
cer@Isengard:~> ping bilbo6
connect: Invalid argument
cer@Isengard:~> ping bilbo6%eth0
ping: bilbo6%eth0: Name or service not known
cer@Isengard:~>

(It is the IPv6 address of my HP Laser Printer, and I can not configure it using IPv6)

You can not browse to it on Firefox or Chrome because it has been intentionally disabled for security. This is a nice one: a format that is defined in the /official/ internet documentation can not be used because it has security issues. The bugzilla is old.
If you google the "bilbo6" number above you find threads in this mail list about that:

<http://opensuse.14.x6.nabble.com/Trying-to-access-IPv6-web-page-on-firefox-revisited-td5102258.html>
<http://opensuse.14.x6.nabble.com/IPv6-in-Firefox-does-it-work-The-saga-continues-td4991712.html>

The importance of having a browser access this particular type of IP is that it is the configuration address of small devices, and it does not change, can be printed on the device label. For example, to configure a router without resetting it, you need this access.

If you are in this quandary, you need Firefox version 6! Some admins keep a copy of it just for this usage.

<https://support.mozilla.org/en-US/questions/1111992>
<https://bugzilla.mozilla.org/show_bug.cgi?id=700999>

--
Cheers / Saludos,
Carlos E. R.
(from 15.0 x86_64 at Telcontar)
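
The cron job described in the reply above (obtain the external IP, compare it with the previous run, mail on change, then save it), as an added example that is not part of the original message. The lookup URL, the mail recipient and the state-file path are placeholder assumptions to adapt.

```shell
#!/bin/sh
# Added example: notify by mail when the external IP address changes.
# Assumptions (not from the original message): STATE_FILE, MAIL_TO and the
# lookup URL in get_external_ip are placeholders.
STATE_FILE="${STATE_FILE:-/var/lib/ipwatch/last_ip}"
MAIL_TO="${MAIL_TO:-admin@example.org}"

# Print the current external address. Placeholder URL: use a lookup service
# you trust; whatever it returns is validated before use.
get_external_ip() {
    curl -fsS --max-time 10 "https://ip-lookup.example.org/"
}

# Accept only strings made of address characters with IPv4 or IPv6
# separators, so a captive-portal page or error text never reaches the
# state file or the mail body.
is_ip() {
    case "$1" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    case "$1" in
        *:*|*.*.*.*) return 0 ;;
    esac
    return 1
}

# Send the notification with the standard "mail" command.
notify() {
    printf 'External IP changed: %s -> %s\n' "$1" "$2" |
        mail -s "IP change on $(hostname)" "$MAIL_TO"
}

# Compare with the previous run; on change, mail first, then save.
# Echoes one of: changed, unchanged, invalid, lookup-failed, mail-failed.
check_ip() {
    new=$(get_external_ip) || { echo "lookup-failed"; return 1; }
    is_ip "$new" || { echo "invalid"; return 1; }
    old=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$new" = "$old" ] && { echo "unchanged"; return 0; }
    notify "${old:-none}" "$new" || { echo "mail-failed"; return 1; }
    tmp="$STATE_FILE.tmp.$$"
    printf '%s\n' "$new" > "$tmp" && mv "$tmp" "$STATE_FILE"
    echo "changed"
}

# From cron, e.g.:  */15 * * * * /usr/local/bin/ipwatch.sh --run
if [ "${1:-}" = "--run" ]; then check_ip; fi
```

Because the state file is only written after the mail command succeeds, a failed send is retried on the next cron run instead of being silently lost.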