Package: openssh-client Version: 1:6.7p1-5+deb8u3 Executive summary: Browsers need short-lived addresses which can't be tracked whereas ssh needs long-lived addresses which ensure that connections aren't cut after a couple of hours.
Long explanation: By default, IPv6 creates client addresses which contain the client PC's MAC address, which exposes the user to tracking by malicious web servers or ad networks. That's why RFC 3041 introduced privacy extensions which allow to set up "temporary" addresses which don't contain the MAC, but which are recycled quickly. The temporary address is defined in _addition_ to the public address. The temporary address is to be used for outgoing connection by exposed programs, such as web browsers. The public address is to be used for incoming connections (where PC is a server), and by long-lived clients such as openssh which connect to trusted servers https://home.regit.org/2011/04/ipv6-privacy/ sysctl -w net.ipv6.conf.eth0.use_tempaddr=2 The issue: openssh too uses the temporary address, leading to connection interruptions whenever the address cycles, or at least such behavior should be configurable. Openssh should use setsockopt(socket, IPPROTO_IPV6, IPV6_ADDR_PREFERENCES, &value, sizeof(value)) to explicitly opt for the public address. See also this bug on RedHat (which suggests to make the behavior configurable): https://bugzilla.redhat.com/show_bug.cgi?id=512032 Thanks, Alain
