How do I login ssh to an IPv6 server from an IPv4 internet connection?
Goals
- Not everybody has an IPv6 address (see IPv6 adoption per country):
- Given a valid account (ssh), allow a user on an IPv4 connection ssh to an IPv6 server running on an IPv6 host. Let's get tunnelling!
- Critical goals: To the user, they should still be able to simply ssh <username>@<hostname> because we don't want to re-invent, confuse, or add cognitive load in avoidable anyway
Code example
As part of this research the following repo was created.
With this you can:
- ssh to an ipv6 server from an ipv4 address from within a web browser
- Need: You need to spin up a intermediary server (e.g. VPS) which speaks both
ipv4andipv6(aka dual stack) for this to work, see the repo below:
GitHub - KarmaComputing/ipv4-ssh-to-ipv6-server: ssh to an ipv6 server from an ipv4 address from within a web browser
ssh to an ipv6 server from an ipv4 address from within a web browser - GitHub - KarmaComputing/ipv4-ssh-to-ipv6-server: ssh to an ipv6 server from an ipv4 address from within a web browser
KarmaComputingExample ssh_config IPv4 to IPv6 server using ProxyCommand
Host ipv6host
User root
ProxyCommand ssh <ip-forwarder-hostname> 'nc -6 2a01:4f9:c010:beda::1 22'
Host ipv6hosttwo
User root
ProxyCommand ssh <ip-forwarder-hostname> 'nc -6 2a01:4f9:c012:70c2::1 22'<ip-forwarder-hostname> is the host or ip address of a server which speaks both IPv4 and IPv6 (aka 'is Dual-stacked) and has a route to the destination Host. Credit to https://backreference.org/2010/02/26/jump-in-with-ssh-and-netcat/index.html for help working this out as a cross-platform solutionQuestions
Does a IPv4 DNS request receive AAAA responses?
Assumptions
- IPv4 client resolvers will only request IPv4 A resource records (RR) whereas IPv6 clients may request both A and AAAA records. See Common Misbehavior Against DNS Queries for IPv6 Addresses
- I can connect to intermediate host (intermediate), then I want that host to forward my ssh connection (proxy) to the destination.
Credits
Thanks to
- https://backreference.org/2010/02/26/jump-in-with-ssh-and-netcat/index.html
Related
We've been writing a lot about ipv6 of late as ipv6 is becoming more commonplace.
Setup an IPv6 connection over IPv4 via Wireguard VPN (How to get IPv6 when you only have an IPv4 internet connection)
If you don’t have IPv6 at home, sometimes you want to be able to test IPv6 only services- you need to tunnel a IPv6 connection somehow from your IPv4 internet connection to a server which does have IPv6 enabled. You can achieve that by using a combination of: * A cheap
IPv6 Only Web Services Becoming Commonplace
IPv6 connectivity (native) continues to shoot up: This trend started as a slow “it won’t happen” almost joke within the IT community with efforts such as the 2012 “World IPv6 launch days” The economic incentive for IPv6 is here now What we’re seeing now is the economic incentive stepping in
Using systemd-nspawn containers with publicly routable ips (IPv6 and IPv4) via bridged mode for high density testing whilst balancing tenant isolation
If you’re tight for time and want to build this right away see the “Tutorial” heading for how to setup systemd-nspawn with bridge mode and public ip addressing. There’s also an accompanying systemd-nspawn repo with a scripted process to deploy everything in this article automatically: GitHub - Kar…
