Re: FreeBSD git service IPv6 broken

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Sat, 10 Aug 2024 22:00:28 UTC 
==== BEGIN LOG ====
sync-01[sync]:/data/repos/hbsd-ports $ host git.freebsd.org
git.freebsd.org is an alias for gitmir.geo.freebsd.org.
gitmir.geo.freebsd.org has address 192.158.248.9
gitmir.geo.freebsd.org has IPv6 address 2001:500:6b:d::24ca:1
gitmir.geo.freebsd.org mail is handled by 0 .

sync-01[sync]:/data/repos/hbsd-ports $ git remote -v
origin  git@git.hardenedbsd.lan:HardenedBSD/ports.git (fetch)
origin  git@git.hardenedbsd.lan:HardenedBSD/ports.git (push)
upstream        ssh://anongit@git.freebsd.org/ports.git (fetch)
upstream        ssh://anongit@git.freebsd.org/ports.git (push)

sync-01[sync]:/data/repos/hbsd-ports (130) $ git fetch -6 upstream
load: 0.12  cmd: ssh 87123 [select] 56.81r 0.02u 0.02s 0% 9888k
Connection reset by 2001:500:6b:d::24ca:1 port 22
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

sync-01[sync]:/data/repos/hbsd-ports (130) $ git fetch -4 upstream
remote: Enumerating objects: 13, done.
remote: Counting objects: 100% (13/13), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 7 (delta 4), reused 0 (delta 0), pack-reused 0 (from 0)
Unpacking objects: 100% (7/7), 732 bytes | 36.00 KiB/s, done.
From ssh://git.freebsd.org/ports
   861a8955c8f2..009a1b92bdcb  main       -> upstream/main

sync-01[sync]:/data/repos/hbsd-ports $ nc -6vv git.freebsd.org 22
Connection to git.freebsd.org 22 port [tcp/ssh] succeeded!
SSH-2.0-OpenSSH_9.7 FreeBSD-20240701
^C
sync-01[sync]:/data/repos/hbsd-ports (128) $ nc -vv 2001:500:6b:d::24ca:1 22
Connection to 2001:500:6b:d::24ca:1 22 port [tcp/ssh] succeeded!
SSH-2.0-OpenSSH_9.7 FreeBSD-20240701
^C
==== END LOG ====

On Sat, Aug 10, 2024 at 03:39:13PM -0600, Warner Losh wrote:
> git.FreeBSD.org is geo dispersed. What does "host git.FreeBSD.org" say?
> 
> Warner
> 
> On Sat, Aug 10, 2024, 3:03 PM Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> 
> > Hey FreeBSD git folks,
> >
> > It looks like attempting to access git.freebsd.org ssh over IPv6 is
> > failing. IPv4 works fine.
> >
> > Setting this in ${HOME}/.ssh/config causes git to be happy again:
> >
> > ==== BEGIN ssh config ====
> > Host git.freebsd.org
> >         AddressFamily inet
> > ==== END ssh config ====
> >
> > Thanks,
> >
> > --
> > Shawn Webb
> > Cofounder / Security Engineer
> > HardenedBSD
> >
> > Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
> >
> > https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
> >

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc