Bug#1063842: openssh-server: Binding to a static IPv6 address causes sshd to fail at bootup
Package: openssh-server
Version: 1:9.2p1-2+deb12u2
Severity: important
Tags: ipv6
X-Debbugs-Cc: bert@rptbgd.firenzee.com
Dear Maintainer,
I configured SSH with a static IPv6 ListenAddress.
During bootup, SSH tries to start before the IPv6 address has been fully bound to the host (ie during duplicate address detection)
This results in SSH failing to start with "Cannot bind any address" and a return code of 255.
The systemd unit file for ssh contains "RestartPreventExitStatus=255" which causes it to give up when it encounters this error.
In a cloud environment this is a critical failure as it renders the host inaccessible.
The same thing occurs if the static IPv6 address is assigned a different way (eg via SLAAC or DHCPv6)
If you remove this line, systemd tries again and succeeds once the address has been bound to the host. I generally also add "StartSec=15s" to prevent it trying too frequently.
This manual change is not persistent, as it gets overwritten next time you update the package.
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-10-cloud-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-server depends on:
ii adduser 3.134
ii debconf [debconf-2.0] 1.5.82
ii init-system-helpers 1.65.2
ii libaudit1 1:3.0.9-1
ii libc6 2.36-9+deb12u4
ii libcom-err2 1.47.0-2
ii libcrypt1 1:4.4.33-2
ii libgssapi-krb5-2 1.20.1-2+deb12u1
ii libkrb5-3 1.20.1-2+deb12u1
ii libpam-modules 1.5.2-6+deb12u1
ii libpam-runtime 1.5.2-6+deb12u1
ii libpam0g 1.5.2-6+deb12u1
ii libselinux1 3.4-1+b6
ii libssl3 3.0.11-1~deb12u2
ii libsystemd0 252.22-1~deb12u1
ii libwrap0 7.6.q-32
ii openssh-client 1:9.2p1-2+deb12u2
ii openssh-sftp-server 1:9.2p1-2+deb12u2
ii procps 2:4.0.2-3
ii runit-helper 2.15.2
ii sysvinit-utils [lsb-base] 3.06-4
ii ucf 3.0043+nmu1
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 252.22-1~deb12u1
pn ncurses-term <none>
pn xauth <none>
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn ssh-askpass <none>
pn ufw <none>
-- debconf information:
openssh-server/permit-root-login: true
openssh-server/password-authentication: false
Reply to: