summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2022-07-01 16:29:53 +0200
committerLudovic Courtès <ludo@gnu.org>2022-07-01 23:29:16 +0200
commitbf7e07d299b197891110fbd8c717badbab06a472 (patch)
tree7bbf249ee7a7dcdda5deff42ee70fb503f09671e
parentb512dadfd603869ac009a432b56f55945841cce0 (diff)
services: openssh: Listen on IPv6 only when IPv6 is supported.
Fixes <https://issues.guix.gnu.org/56327>. Reported by André Batista <nandre@riseup.net>. * gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New variable. Use it in 'start' method.
-rw-r--r--gnu/services/ssh.scm20
1 files changed, 16 insertions, 4 deletions
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 57d3ad218c..72e7183590 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -536,6 +536,15 @@ of user-name/file-like tuples."
#~(and (defined? 'make-inetd-constructor)
(not (string=? (@ (shepherd config) Version) "0.9.0"))))
+ (define ipv6-support?
+ ;; Expression that returns true if IPv6 support is available.
+ #~(catch 'system-error
+ (lambda ()
+ (let ((sock (socket AF_INET6 SOCK_STREAM 0)))
+ (close-port sock)
+ #t))
+ (const #f)))
+
(list (shepherd-service
(documentation "OpenSSH server.")
(requirement '(syslogd loopback))
@@ -544,12 +553,15 @@ of user-name/file-like tuples."
(start #~(if #$inetd-style?
(make-inetd-constructor
(append #$openssh-command '("-i"))
- (list (endpoint
+ (cons (endpoint
(make-socket-address AF_INET INADDR_ANY
#$port-number))
- (endpoint
- (make-socket-address AF_INET6 IN6ADDR_ANY
- #$port-number)))
+ (if #$ipv6-support?
+ (list
+ (endpoint
+ (make-socket-address AF_INET6 IN6ADDR_ANY
+ #$port-number)))
+ '()))
#:max-connections #$max-connections)
(make-forkexec-constructor #$openssh-command
#:pid-file #$pid-file)))