
Unable to bind SSH only to a dynamic interface
Closed, Wontfix | Public | FEATURE REQUEST

Description

The "set service ssh listen-address" command only accepts IPv4 or IPv6 addresses as arguments, but if the given interface is getting its address from DHCP, this address is unknown as it can and will change over time. Other commands accept an interface for these cases so it would be fantastic if we could do this...

set service ssh listen-address eth0

... and have eth0 translated to the provisioned address at runtime (and update sshd_config, restart sshd, etc. whenever the IP address changes via dhcpc hooks/systemd/etc.).

I'm opening this as a feature request but IMHO this is a gap in Crux that prevents VyOS from being fully utilized with DHCP interfaces. Thanks!

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
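
The update step the description asks for (rewrite sshd_config whenever the DHCP-assigned address changes), as an added example that is not part of the original task and not VyOS code. It is a POSIX shell helper that a DHCP client hook could call with the new lease address; the function names, the hook wiring and the whitespace-separated "ListenAddress value" form are assumptions.

```shell
#!/bin/sh
# Added example, not VyOS code. Assumes a DHCP client hook calls
# set_listen_address with the sshd_config path and the new lease address.

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Replace every ListenAddress directive in config $1 with the single address $2.
# Prints "changed" or "unchanged"; fails without touching the file on bad input.
set_listen_address() {
    conf=$1 addr=$2
    is_ipv4 "$addr" || { echo "refusing invalid address: $addr" >&2; return 1; }
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    # Temp file in the same directory so the final mv is an atomic rename.
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # Keywords are case-insensitive. Assumes the "Keyword value" form (no "=").
    # The new directive goes before the first Match block, because anything
    # after a Match line only applies to that block.
    awk -v addr="$addr" '
        tolower($1) == "listenaddress" { next }
        tolower($1) == "match" && !done { print "ListenAddress " addr; done = 1 }
        { print }
        END { if (!done) print "ListenAddress " addr }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"
        echo unchanged
    else
        # mktemp creates the file 0600; restore the intended mode if needed.
        mv "$tmp" "$conf"
        echo changed   # caller should validate with "sshd -t" before reloading sshd
    fi
}
```

Reloading sshd only when the function prints "changed" avoids dropping nothing but also avoids needless restarts on lease renewals that keep the same address.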

Event Timeline

You can always let SSH listen to a loopback address

Our use case requires that the SSH listener be a public IP address (no NAT), of which we only get the one on the DHCP interface. As such, your suggestion will not work for us.

Or if DNAT is a no go, use WireGuard and tunnel it.

There are many complexities with our deployments that force our hand for acceptable configuration paradigms. It might make more sense to discuss this directly via email like we did for the DHCP VTI/VPN features/bug fixes that are included in 1.2.1.

Much like the VPN portion of the config that allows for the selection for a dhcp-interface, we're looking for a similar capability with ssh-listen address.

syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
Viacheslav added a subscriber: Viacheslav.

As I understand, there are now ways to implement it natively for sshd
Reopen please if you have/know a solution for it.