[nzlug] IPv6 comes to rescue

Michal Ludvig michal at logix.cz
Sun May 11 00:59:59 NZST 2008


Nevyn wrote:

> I chose not to use DHCP for servers because if the DHCP server goes
> down, it's really hard to remotely access this machine. 

IPv6 comes to the rescue in cases like this, when DHCP doesn't work or 
misconfigured iptables block access to a host over IPv4.

All you need to do is:
1) find out all hosts on the ethernet segment:
~# ping6 -I eth0 ff02::1
PING ff02::1(ff02::1) from fe80::2a0:81ff:fe5f:9137 eth0: 56 data bytes
64 bytes from fe80::212:1ff:fe04:5d8a: icmp_seq=1 ttl=64 time=0.190 ms
64 bytes from fe80::2c0:58ff:feb5:1f7: icmp_seq=1 ttl=64 time=0.953 ms (DUP!)
64 bytes from fe80::204:23ff:fe77:c03a: icmp_seq=1 ttl=64 time=597 ms (DUP!)

2) Pick the IP you'd like to connect to. Well, this step may be a bit 
tricky unless you happen to know the host's MAC address (you'll find the 
MAC address built into the IPv6 address, for instance 
MAC=00:A0:81:5F:91:37 becomes IPv6=fe80::2a0:81ff:fe5f:9137 ... see, 
it's hidden there!)
If you don't know the MAC, use trial and error.

3) SSH to the host of choice:
~# ssh fe80::204:23ff:fe77:c03a%eth0
The authenticity of host 'fe80::204:23ff:fe77:c03a%eth0' can't be established.
RSA key fingerprint is e3:41:...:52:fe.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'fe80::204:23ff:fe77:c03a%eth0' (RSA) to the list of known hosts.
[...]

Note that these addresses beginning with fe80: are so-called "IPv6 
link-local" and are not routable. Their scope is just the ethernet 
segment the interface is connected to and therefore you can only reach 
them from other machines on the same segment. That's also the reason why 
you must specify the interface as "%eth0" appended to the address for 
SSH to know where to send the packets.

Michal
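
The MAC-to-address mapping from step 2, as an added example that is not part of the original message: it derives the link-local address from a known MAC and recovers the MAC from each ping6 reply, so the right host can be picked without trial and error. The function names are hypothetical, the sample output is copied from the message above, and the code assumes the host uses an EUI-64 derived interface ID (hosts that generate random or opaque interface IDs yield None).

```python
import ipaddress
import re

# ping6 replies copied from the message above
SAMPLE = """\
PING ff02::1(ff02::1) from fe80::2a0:81ff:fe5f:9137 eth0: 56 data bytes
64 bytes from fe80::212:1ff:fe04:5d8a: icmp_seq=1 ttl=64 time=0.190 ms
64 bytes from fe80::2c0:58ff:feb5:1f7: icmp_seq=1 ttl=64 time=0.953 ms (DUP!)
64 bytes from fe80::204:23ff:fe77:c03a: icmp_seq=1 ttl=64 time=597 ms (DUP!)
"""

def mac_to_link_local(mac: str) -> str:
    """Modified EUI-64: flip the universal/local bit, insert ff:fe mid-MAC."""
    b = bytearray(int(x, 16) for x in re.split(r"[:-]", mac))
    if len(b) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    b[0] ^= 0x02
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid))

def link_local_to_mac(addr: str):
    """Return the embedded MAC, or None if the interface ID is not EUI-64."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop the %eth0 scope
    if not ip.is_link_local:
        return None
    iid = bytearray(ip.packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None  # random or opaque interface ID, no MAC to recover
    iid[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in iid[:3] + iid[5:])

def hosts_from_ping6(output: str) -> dict:
    """Map each responding address to the MAC embedded in it (or None)."""
    found = {}
    pattern = r"bytes from ([0-9a-fA-F:]+?)(?:%\S+)?: icmp_seq"
    for m in re.finditer(pattern, output):
        addr = str(ipaddress.IPv6Address(m.group(1)))
        found[addr] = link_local_to_mac(addr)
    return found

if __name__ == "__main__":
    for addr, mac in hosts_from_ping6(SAMPLE).items():
        print(f"{addr:<30} MAC {mac or 'not embedded'}")
```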


