Why would I pick IPv4 or IPv6 for SSH access?

Moshe asked:

I’m setting up a Linode server and the Getting Started security guide suggests disabling ssh access over either IPv4 or IPv6 so that I only have one of the two enabled.

I understand the general theory of reducing attack surface, but why would I pick one over the other? How do I know which one I need?

Listen on only one internet protocol. The SSH daemon listens for incoming connections over both IPv4 and IPv6 by default. Unless you need to SSH into your Linode using both protocols, disable whichever you do not need. This does not disable the protocol system-wide, it is only for the SSH daemon.

My answer:

As you may know there are many automated bots out there trying to break into systems on the Internet. Some of these attempt to connect to every system on the Internet via ssh and try common passwords.

Everyone who has ever put a system on the network has seen their logs fill up with messages about break in attempts. But, they are all on IPv4! There are none on IPv6. Bots attempt to connect to every IPv4 address that exists, but this is impossible with IPv6 as there are too many of them.

I usually leave both protocols enabled, but when I do disable one, it is IPv4.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.