Remote Sessions Over IPv6 with SSH, SCP, and Rsync
Our familiar old file-copying friends SSH, SCP, and Rsync are all IPv6-ready, which is the good news. The bad news is they have syntax quirks which you must learn to make them work. Before we get into the details, though, you might want to review the previous installments in our meandering IPv6 series:
- Practical Networking for Linux Admins: TCP/IP
- Practical Networking for Linux Admins: Real IPv6
- Practical Networking for Linux Admins: IPv4 and IPv6 LAN Addressing
- Practical Networking for Linux Admins: IPv6 Routing
SSH and SCP
Like all good Linux admins, you know and use SSH and SCP. Both have some differences and quirks for IPv6 networks. These quirks are in the remote addresses, so once you figure those out, you can script SSH and SCP just like you're used to, and use public key authentication.
By default, the
sshd daemon listens for both IPv4 and IPv6 protocols. You can see this with
$ sudo netstat -pant|grep sshd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1228/sshd tcp6 0 0 :::22 :::* LISTEN 1228/sshd
You may disable either one with the
AddressFamily setting in
sshd_config. This example disable IPv6:
The default is
inet6 means IPv6 only.
On the client side, logging in over IPv6 networks is the same as IPv4, except you use IPv6 addresses. This example uses a global unicast address in the private LAN address range:
$ ssh carla@2001:db8::2
Just like IPv4, you can log in, run a command, and exit all at once. This example runs a script to back up my files on the remote machine:
$ ssh carla@2001:db8::2 backup
You can also streamline remote root logins. Wise admins disable root logins over SSH, so you have to log in as an unprivileged user and then change to a root login. This is not so laborious, but we can do it all with a single command:
$ ssh -t carla@2001:db8::2 "sudo su - root -c 'shutdown -h 120'" carla@2001:db8::2's password: [sudo] password for carla: Broadcast message from carla@remote-server (/dev/pts/2) at 9:54 ... The system is going down for halt in 120 minutes!
shutdown example will stay open until it finished running, so you can change your mind and cancel the shutdown in the usual way, with
Another useful SSH trick is to force IPv6 only, which is great for testing:
$ ssh -6 2001:db8::2
You can also force IPv4 with with
You may access hosts on your link local network by using the link local address. This has an undocumented quirk that will drive you batty, except now you know what it is: you must append your network interface name to the remote address with a percent sign.
$ ssh carla@fe80::ea9a:8fff:fe67:190d%eth0
scp is weird. You have to specify the network interface with the percent sign for link local addresses, enclose the address in square braces, and escape the braces:
$ scp filename \[fe80::ea9a:8fff:fe67:190d%eth0\]: carla@fe80::ea9a:8fff:fe67:190d's password: filename
You don't need the interface name for global unicast addresses, but still need the escaped braces:
$ scp filename \[2001:db8::2\]: carla@2001:db8::2's password: filename
This example logs into a different user account on the remote host, specifies the remote directory to copy the file into, and changes the filename:
scp filename userfoo@\[fe80::ea9a:8fff:fe67:190d%eth0\]:/home/userfoo/files/filename_2
rsync requires enclosing the remote IPv6 address in various punctuations. Global unicast addresses do not need the interface name:
$ rsync -av /home/carla/files/ 'carla@[2001:db8::2]':/home/carla/stuff carla@f2001:db8::2's password: sending incremental file list sent 100 bytes received 12 bytes 13.18 bytes/sec total size is 6,704 speedup is 59.86
Link local addresses must include the interface name:
$ rsync -av /home/carla/files/ 'carla@[fe80::ea9a:8fff:fe67:190d%eth0]':/home/carla/stuff
As always, remember that the trailing slash on your source directory, for example
/home/carla/files/, means that only the contents of the directory are copied. Omitting the trailing slash copies the directory and its contents. Trailing slashes do not matter on your target directory.
Learn more about Linux through the free "Introduction to Linux" course from The Linux Foundation and edX.