SSH + Stable SLAAC Address = 6ssh

6ssh

ssh + slaac

by Craig Miller

I use a laptop, like most people. I also tend to put my laptop to sleep several times a day, sometimes for hours. In an IPv6 environment, putting the laptop to sleep will break all the ssh (and X11 forwarded apps) sessions that I have running.

I also connect my laptop to several different Wi-Fi networks at my house, and ssh disconnects happen a lot.

The Problem

With Stateless Address Autoconfiguration (SLAAC), IPv6 will by default use temporary addresses (RFC 8981) for outbound connections, including ssh. While it is possible to disable this feature, in most cases I prefer temporary addresses to be used (e.g. https sessions).

However, in the modern world, putting a Linux laptop to sleep will cause systemd to generate new temporary addresses, and the ssh connection(s) will not be restored after waking up the laptop.

Of course, one could turn off SLAAC, and just run DHCPv6. But I like SLAAC, it just works. And with RFC 7217, SLAAC makes better use of the 64-bit Interface ID (IID) space by generating a pseudo-random IID, making it even harder to guess the host's IP address.

A solution

By binding the ssh session to a local Stable SLAAC address, the ssh session will remain connected after the laptop wakes up from sleep and reconnects to the network.

There are a couple of ways to achieve the binding:

  1. Configure BindAddress in your local ssh_config file (~/.ssh/config)
  2. Use the -b option when calling ssh directly

The problem with #1 is that if your laptop roams to another network, the BindAddress will be incorrect, and ssh will no longer work.

The challenge with #2 is that you have to figure out what address to place on the command line for the -b parameter.

Introducing 6ssh.sh

I have created a bash script to automate the #2 operation. Basically, the script looks at the active interfaces, selects the first Stable SLAAC Address it finds, and calls ssh -b <stable slaac address>.

Like all good scripts, there is help:

$ ./6ssh.sh -h
    ./6ssh.sh - ssh using Stable SLAAC Source Address 
    e.g. ./6ssh.sh <host> 
    -i <int> use this interface
    -u  use ULA address (default GUA)
    -X  use X forwarding

You can find 6ssh.sh on GitHub.

It supports both Linux and BSD (including macOS).
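The selection step described above can be sketched as follows for Linux only. This is an added example, not the 6ssh.sh source: the function name pick_stable_slaac, the sample interface names and the sample addresses (documentation and ULA prefixes) are constructed, and it assumes the flag words printed by iproute2's `ip -6 -o addr show`.

```bash
#!/bin/sh
# Added example (not the 6ssh.sh source). Reads `ip -6 -o addr show` output on
# stdin and prints the first stable SLAAC address of the requested kind.
# usage: pick_stable_slaac <gua|ula> [interface]
pick_stable_slaac() {
    awk -v want="$1" -v ifname="${2:-}" '
        $3 != "inet6" || !/ scope global /                 { next }  # no link-local/loopback
        ifname != "" && $2 != ifname                       { next }  # optional interface filter
        / (temporary|deprecated|tentative|dadfailed)( |$)/ { next }  # RFC 8981 temp or unusable
        !/ dynamic( |$)/                                   { next }  # skip statically configured
        {
            split($4, a, "/")
            if (a[2] != 64) next            # heuristic: SLAAC prefixes are /64
            addr = tolower(a[1])
            kind = (addr ~ /^f[cd]/) ? "ula" : "gua"    # fc00::/7 is ULA
            if (kind == want) { print addr; exit }
        }'
}

# Constructed sample of `ip -6 -o addr show` output, so the example runs offline.
sample_ip_output() {
    cat <<'EOF'
1: lo    inet6 ::1/128 scope host noprefixroute \       valid_lft forever preferred_lft forever
2: wlan0    inet6 2001:db8:1:0:91c2:7a10:4e55:b3d8/64 scope global temporary dynamic \       valid_lft 86000sec preferred_lft 14000sec
2: wlan0    inet6 2001:db8:1:0:3f6a:88d1:c04e:7721/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 86000sec preferred_lft 14000sec
2: wlan0    inet6 fd12:3456:789a:0:91c2:7a10:4e55:b3d8/64 scope global temporary dynamic \       valid_lft 86000sec preferred_lft 14000sec
2: wlan0    inet6 fd12:3456:789a:0:3f6a:88d1:c04e:7721/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 86000sec preferred_lft 14000sec
2: wlan0    inet6 fe80::a1b2:c3ff:fed4:e5f6/64 scope link noprefixroute \       valid_lft forever preferred_lft forever
3: eth0    inet6 2001:db8:2:0:5c11:2ab3:9d40:1e6f/64 scope global dynamic mngtmpaddr \       valid_lft 86000sec preferred_lft 14000sec
EOF
}

# On a live system the result feeds ssh's -b option, for example:
#   addr=$(ip -6 -o addr show | pick_stable_slaac gua)
#   [ -n "$addr" ] && ssh -b "$addr" user@host
```

An empty result means no stable address of that kind was found, so the caller should test for it before passing the value to ssh -b.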

How long will 6ssh.sh survive a laptop sleep?

It depends. Since ssh uses Transmission Control Protocol (TCP), it depends on the server's TCP timers. Using the default settings of my Linux server, I have found that the ssh session will survive a laptop sleep over dinner.

My beta tester increased their server TCP timers, and had their ssh session still be active upon waking up the laptop after a 12-hour sleep! Of course, you probably don't want to change your server's TCP settings if it is exposed to the internet, since someone will try to exhaust all your TCP buffers (resulting in a DoS attack).

Using ssh and SLAAC is now easy

One no longer has to pine for the old days of just one IP address for an interface. SLAAC is not only easy, but a standardized method for a host to get a Globally Unique (GUA) IPv6 address without requiring a server. And with 6ssh.sh you can sleep/wake your laptop many times during the day, and all your ssh sessions (and X11 forwarded apps) will be there waiting for you.


Notes:

31 July 2024