diff options
author | Ludovic Courtès <ludo@gnu.org> | 2022-07-01 16:29:53 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-07-01 23:29:16 +0200 |
commit | bf7e07d299b197891110fbd8c717badbab06a472 (patch) | |
tree | 7bbf249ee7a7dcdda5deff42ee70fb503f09671e | |
parent | b512dadfd603869ac009a432b56f55945841cce0 (diff) |
services: openssh: Listen on IPv6 only when IPv6 is supported.
Fixes <https://issues.guix.gnu.org/56327>.
Reported by André Batista <nandre@riseup.net>.
* gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New
variable.
Use it in 'start' method.
-rw-r--r-- | gnu/services/ssh.scm | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 57d3ad218c..72e7183590 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -536,6 +536,15 @@ of user-name/file-like tuples." #~(and (defined? 'make-inetd-constructor) (not (string=? (@ (shepherd config) Version) "0.9.0")))) + (define ipv6-support? + ;; Expression that returns true if IPv6 support is available. + #~(catch 'system-error + (lambda () + (let ((sock (socket AF_INET6 SOCK_STREAM 0))) + (close-port sock) + #t)) + (const #f))) + (list (shepherd-service (documentation "OpenSSH server.") (requirement '(syslogd loopback)) @@ -544,12 +553,15 @@ of user-name/file-like tuples." (start #~(if #$inetd-style? (make-inetd-constructor (append #$openssh-command '("-i")) - (list (endpoint + (cons (endpoint (make-socket-address AF_INET INADDR_ANY #$port-number)) - (endpoint - (make-socket-address AF_INET6 IN6ADDR_ANY - #$port-number))) + (if #$ipv6-support? + (list + (endpoint + (make-socket-address AF_INET6 IN6ADDR_ANY + #$port-number))) + '())) #:max-connections #$max-connections) (make-forkexec-constructor #$openssh-command #:pid-file #$pid-file))) |