Causing sshd(8) to Fail New Connections

Aaron Poffenberger

I found a new way to lock myself out of the firewall.

Stupid Resolution Tricks

I was debugging some pf.conf(8) rules and wanted to focus on IPv4 resolution, so I "quickly" solved the problem by removing inet6 from the family option in resolv.conf(5).

I finished my work, logged out and went about my day. The next time I tried connecting to the firewall I was greeted with this error:

kex_exchange_identification: Connection closed by remote host

I connected to the server with a serial connection and tried to restart sshd. It failed with the error:

bad addr or host: ::1 (no address associated with name)

That's when I realized what I had forgotten to undo.
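
A check to run before logging out, as an added example that is not part of the original post: it lists literal ListenAddress values in sshd_config whose address family is missing from the family line in resolv.conf. It assumes the ::1 in the error above came from a ListenAddress line, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Assumption: the "::1" in the
# sshd error comes from a "ListenAddress ::1" line in sshd_config.

# Address families the resolver will try, from the "family" line of a
# resolv.conf(5)-style file (last one wins here); default is "inet4 inet6".
resolver_families() {
    fams=$(awk '$1 == "family" { $1 = ""; f = $0 } END { print f }' "$1")
    fams=$(echo $fams)                      # trim whitespace
    echo "${fams:-inet4 inet6}"
}

# Classify one ListenAddress value as inet4, inet6 or name (hostname).
addr_family() {
    a=$1
    case "$a" in \[*) a=${a#\[}; a=${a%%\]*} ;; esac   # [addr]:port form
    case "$a" in
        *:*:*)      echo inet6 ;;           # two or more colons: IPv6 literal
        *[!0-9.:]*) echo name ;;
        *)          echo inet4 ;;           # dotted quad, optional :port
    esac
}

# Print "address family" for each literal ListenAddress whose family the
# resolver is not configured to try. Exit status 1 if any are found.
check_listen_addrs() {                      # args: sshd_config resolv.conf
    enabled=$(resolver_families "$2")
    awk 'tolower($1) == "listenaddress" { print $2 }' "$1" | (
        bad=0
        while read -r addr; do
            fam=$(addr_family "$addr")
            case " $enabled name " in
                *" $fam "*) ;;              # usable, or a hostname (skipped)
                *) echo "$addr $fam"; bad=1 ;;
            esac
        done
        exit $bad
    )
}

# Run against real files when two paths are given.
if [ $# -eq 2 ]; then
    check_listen_addrs "$1" "$2" || echo "sshd may fail on these addresses" >&2
fi
```

Hostnames given to ListenAddress are skipped because they need a real lookup to classify.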

But Is It a Bug?

Not really. Perhaps a lack of resilience, but you're not supposed to go fiddling with protocols while daemons are running and expect them to continue doing so.

I'll send a note to the OpenSSH mailing lists. We'll see what their judgment is.