Disabling IPv6 vs. sshd configuration

Hi,

Usually I disable IPv6 when I don’t need it, like on a local proxy server. I remember back in the old days up until CentOS 7.x disabling IPv6 also required reconfiguring some basic services like sshd and postfix.

Here’s what the default (commented-out) sshd configuration looks like in Rocky Linux 8.x and 9.x:

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Now I wonder if I’m supposed to change that explicitly to something like this to tell sshd that we’re IPv4 only now:

AddressFamily inet
ListenAddress 0.0.0.0

So far I haven’t done anything. When I type journalctl -p err everything looks normal. And systemctl status sshd doesn’t complain either.

Any suggestions?

It’s easy enough just to set the AddressFamily entry and nothing else:

root@rocky9:~# cat /etc/ssh/sshd_config.d/99-custom.conf 
AddressFamily inet

root@rocky9:~# netstat -tunlp | grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      784/sshd: /usr/sbin 
tcp6       0      0 :::22                   :::*                    LISTEN      784/sshd: /usr/sbin 

root@rocky9:~# systemctl restart sshd

root@rocky9:~# netstat -tunlp | grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      42071/sshd: /usr/sb 

Note, this works in 9. The 8 does not have support for /etc/ssh/sshd_config.d/*.conf and there one must edit the /etc/ssh/sshd_config.


Overall, a service (a process) decides what it does when it does not get the resource that it requests. In these cases it would be a (TCP) port on an IPv6 interface. There might not be IPv6 at all (not recommended), just no IPv6 address on a particular interface (NetworkManager ipv6.method disabled), or SELinux saying “no” to the process.

Some processes simply drop dead on the spot. Postfix was one of those.
Some carry on, but without doing what they were supposed to do (listen on port).


I have added to some service configs (systemd units) a “wait for network to be up” for a similar reason: the machine will have what the service needs, but the service starts too early by default.

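Added example, not part of the thread: a check that goes beyond `grep 22` by matching the port exactly and by confirming what sshd actually loaded, which catches a drop-in file that is silently ignored on a release without `sshd_config.d` support. The function names are hypothetical; input is the text output of `sshd -T` and of `netstat -tln` or `ss -tln`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any package.

# Read `netstat -tln` / `ss -tln` output on stdin and print which address
# families have a TCP listener on exactly port $1:
#   dual | ipv4-only | ipv6-only | none
listen_families() {
    awk -v port="$1" '
        /LISTEN/ {
            # The local address is the first field ending in ":<port>".
            # ":2222" does not match port 22, unlike a plain "grep 22".
            for (i = 1; i <= NF; i++) {
                if ($i ~ (":" port "$")) {
                    addr = $i
                    sub(":" port "$", "", addr)
                    if (addr == "*") { v4 = 1; v6 = 1 }  # wildcard: count as both
                    else if (addr ~ /:/) v6 = 1          # "::", "[::]", "::1", ...
                    else v4 = 1
                    break
                }
            }
        }
        END {
            if (v4 && v6) print "dual"
            else if (v4)  print "ipv4-only"
            else if (v6)  print "ipv6-only"
            else          print "none"
        }'
}

# Read `sshd -T` output on stdin and print the effective AddressFamily.
# `sshd -T` prints keywords in lower case, e.g. "addressfamily inet".
effective_address_family() {
    awk '$1 == "addressfamily" { print $2; exit }'
}

# $1: file holding `sshd -T` output, $2: file holding the socket listing,
# $3: port. Succeeds only if sshd is configured for IPv4 AND the running
# daemon listens on IPv4 only (config changed but service not restarted,
# or service not listening at all, both fail).
sshd_ipv4_only() {
    [ "$(effective_address_family < "$1")" = "inet" ] &&
    [ "$(listen_families "$3" < "$2")" = "ipv4-only" ]
}

# Live use, as root:
#   sshd -T > /tmp/cfg; ss -tln > /tmp/socks; sshd_ipv4_only /tmp/cfg /tmp/socks 22
```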