Linux/UNIX: Configure OpenSSH To Listen On an IPv6 Address

See all Linux/UNIX networking related FAQ
How do I enable OpenSSH SSH server to listen on an IPv6 address under Linux or UNIX operating systems?

The ListenAddress directive in sshd_config file specifies the local IPv4 and IPv6 addresses sshd should listen on. This page explains how to set up and force sshd to listen on IPv4, IPv6 or both IP protocol version under Linux or Unix-like systems.
Tutorial details
Difficulty level Easy
Root privileges No
Requirements Linux terminal
Category Terminal/ssh
OS compatibility BSD Linux macOS Unix
Est. reading time 3 minutes
Advertisement

The procedure to enable OpenSSH on a Linux or Unix server to listen on IPv6 address

  1. Open the terminal application.
  2. For remote server log in using the ssh command.
  3. Edit the the /etc/ssh/sshd_config file
  4. Then find the line that contains ListenAddress
  5. Set or append ListenAddress :: to listen to all IPv6 and IPv4 address on the server.
  6. Reload sshd service

Let us see all examples and situations in detail for your Linux, BSD and Unix servers.

How to configure OpenSSH To Listen On an IPv6 Address

Here is how to use the cat or egrep command/grep command to locate config:
# grep ListenAddress /etc/ssh/sshd_config
$ sudo grep -Ri ListenAddress /etc/ssh/

Outputs:

[sudo] password for vivek: 
/etc/ssh/sshd_config:#ListenAddress 0.0.0.0
/etc/ssh/sshd_config:#ListenAddress ::

Syntax

The syntax is as follows for IPv6 for sshd:

ListenAddress host
ListenAddress IPv4_addr:port
ListenAddress [IPv6_addr]:port

Edit the /etc/ssh/sshd_config file (or /etc/ssh/sshd_config.d/ipv6.conf) using a text editor such as nano or vim, enter:
# vim /etc/ssh/sshd_config
# Using latest version of openssh? Try sshd_config.d dir #
# vim /etc/ssh/sshd_config.d/ipv6.conf

To bind sshd to every IPv4 and IPv6 address on your server, enter:

ListenAddress 0.0.0.0
ListenAddress ::

Want to bind sshd to every IPv6 2607:f0d0:1002:11::2 address on your server? Try:

ListenAddress [2607:f0d0:1002:11::2]

How about specifying custom port? For instance, to bind sshd to every IPv6 2607:f0d0:1002:11::2 address and TCP port 311 on your Linux and Unix server, enter:

ListenAddress [2607:f0d0:1002:11::2]:311

Configuring SSH to listen on IPv6 addresses

Configure OpenSSH To Listen On an IPv6 Address
  • If port is not specified, sshd will listen on the address and all prior Port options specified.
  • The default is to listen on all local addresses. Multiple ListenAddress options are permitted.
  • Additionally, any Port options must precede this option for non port qualified addresses.

Save and close the file. If you changed the port, update your iptables or pf firewall or ufw command/iptables command configuration. For example, here is how I update my firewall config on a Debian or Ubuntu Linux when using ufw to open TCP port 2222 for ssh:
$ sudo ufw allow 2222/tcp
## Allow ssh specific IPv6 such as 2606:4700::6810:84e5
$ sudo ufw allow from 2606:4700::6810:84e5 to any port 22 proto tcp

Related
Also, check all our complete firewall tutorials for Alpine Linux Awall, CentOS 8, OpenSUSE, RHEL 8, Debian 12/11, Ubuntu Linux version 16.04 LTS/18.04 LTS/20.04 LTS, and 22.04 LTS.

Checking sshd server config

Also do check syntax errors before restarting sshd server. For example:
# /usr/sbin/sshd -t
Finally, reload sshd as per your Linux or Unix operating system version:
# service sshd reload
# Are you using systemd based Linux distro? Try #
# systemctl reload sshd

Summing up

You know how to configure SSH to listen on IPv6 or IPv4 addresses only by editing the config file. See the following manual pages using the man command:
$ man 5 sshd_config

This entry is 9 of 23 in the Linux/Unix OpenSSH Tutorial series. Keep reading the rest of the series:
  1. Top 20 OpenSSH Server Best Security Practices
  2. How To Set up SSH Keys on a Linux / Unix System
  3. OpenSSH Config File Examples For Linux / Unix Users
  4. Audit SSH server and client config on Linux/Unix
  5. How to install and upgrade OpenSSH server on FreeBSD
  6. Ubuntu Linux install OpenSSH server
  7. Install OpenSSH server on Alpine Linux (including Docker)
  8. Debian Linux Install OpenSSH SSHD Server
  9. Configure OpenSSH To Listen On an IPv6 Address
  10. OpenSSH Server connection drops out after few minutes of inactivity
  11. Display banner/message before OpenSSH authentication
  12. Force OpenSSH (sshd) to listen on selected multiple IP address only
  13. OpenSSH Change a Passphrase With ssh-keygen command
  14. Reuse SSH Connection To Speed Up Remote Login Process Using Multiplexing
  15. Check Syntax Errors before Restarting SSHD Server
  16. Change the ssh port on Linux or Unix server
  17. OpenSSH Deny or Restrict Access To Users and Groups
  18. Linux OpenSSH server deny root user access / log in
  19. Disable ssh password login on Linux to increase security
  20. SSH ProxyCommand example: Going through one host to reach server
  21. OpenSSH Multiplexer To Speed Up OpenSSH Connections
  22. Install / Append SSH Key In A Remote Linux / UNIX Servers Authorized_keys
  23. Use ssh-copy-id with an OpenSSH Server Listening On a Different Port

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

2 comments… add one
  • Jan Jan 31, 2011 @ 18:31

    You forgot to mention the sshd_config parameter AddressFamily any/inet/inet6 and accompanying commandline parameters -4 and -6 to further finegrain sshd usage.

  • pushapdant Jun 3, 2013 @ 6:34

    Hi,
    I am trying to setup ntpd for ipv6. /etc/ntd.conf is not liking ipv6 local link addresses at its server address. Even i tried using %interface but no luck. Have you tried including ipv6 local link address in your sshd_config ? Let me know if it works for you.

    Thanks,
    Pushpadant

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.