The 'address to bind' and 'port number to bind' specify the IP address or domain name and port to which the socket to be listened is bound. Some strings used for the 'address to bind' have special-case semantics. "" means that connections are to be accepted on all protocol families supported by the SSH implementation. "0.0.0.0" means to listen on all IPv4 addresses. "::" means to listen on all IPv6 addresses. "localhost" means to listen on all protocol families supported by the SSH implementation on loopback addresses only, [RFC3330] and [RFC3513]. "127.0.0.1" and "::1" indicate listening on the loopback interfaces for IPv4 and IPv6 respectively. Note that the client can still filter connections based on information passed in the open request.
Looks good overall, but there is an issue we should be aware of even if we decide not to make any change as a result. The difference between addresses and interfaces has already been pointed out, and the text has been altered appropriately. However, a similar issue applies to loopback addresses and interfaces -- they are not always bound together. A host may have multiple loopback interfaces only one of which is assigned the canonical loopback address -- the others may have alternate-loopback, private-use, or even routable addresses. Similarly, the loopback address may have been used on a physical interface, or (more likely), it may be possible to receive packets on the loopback address via a non-loopback interface.
We should be careful to specify exactly what we mean by "localhost", "127.0.0.1", and "::1". Do we mean that the ssh server should bind to the loopback address, or that it should listen on all loopback interfaces, regardless of address?
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
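
An added example, not part of the original message or of any SSH implementation: a Python sketch of the quoted special-case strings under the "bind to the address" reading, which is an assumption because the message leaves that choice open. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Special-case 'address to bind' strings from the quoted draft text, mapped to
# the literals a server would pass to bind(). Assumption: "localhost" means the
# canonical loopback addresses, not every address on every loopback interface.
SPECIAL = {
    "": [(socket.AF_INET, "0.0.0.0"), (socket.AF_INET6, "::")],
    "0.0.0.0": [(socket.AF_INET, "0.0.0.0")],
    "::": [(socket.AF_INET6, "::")],
    "localhost": [(socket.AF_INET, "127.0.0.1"), (socket.AF_INET6, "::1")],
}

def bind_targets(address_to_bind):
    """Return [(family, literal)] for an 'address to bind' string."""
    if address_to_bind in SPECIAL:
        return list(SPECIAL[address_to_bind])
    try:
        ip = ipaddress.ip_address(address_to_bind)
    except ValueError:
        # A domain name needs resolution, which this offline sketch skips.
        raise ValueError("domain name: resolve it before classifying")
    family = socket.AF_INET if ip.version == 4 else socket.AF_INET6
    return [(family, str(ip))]

def scope(address_to_bind):
    """Classify the exposure implied by the bound addresses alone."""
    bound = [ipaddress.ip_address(a) for _, a in bind_targets(address_to_bind)]
    if any(b.is_unspecified for b in bound):
        return "all-addresses"
    if all(b.is_loopback for b in bound):
        return "loopback-address"
    return "specific-address"

def covers(address_to_bind, destination):
    """True if a listener bound this way accepts traffic sent to destination.

    Assumes IPv6 sockets are IPV6_V6ONLY, so "::" does not take IPv4 traffic.
    """
    dst = ipaddress.ip_address(destination)
    for _, literal in bind_targets(address_to_bind):
        bound = ipaddress.ip_address(literal)
        if bound.version != dst.version:
            continue
        if bound.is_unspecified or bound == dst:
            return True
    return False
```

`covers("127.0.0.1", "127.0.0.2")` is false although both addresses are loopback, which is the gap between "the loopback address" and "all loopback interfaces" raised in the message. The check looks at addresses only and cannot say which interface a packet arrived on.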