Bug#1063842: openssh-server: Binding to a static IPv6 address causes sshd to fail at bootup

To: 1063842@bugs.debian.org
Subject: Bug#1063842: openssh-server: Binding to a static IPv6 address causes sshd to fail at bootup
From: bert@ev6.net
Date: Wed, 21 Feb 2024 13:08:45 +0700
Message-id: <[🔎] E21E3C8B-B637-4105-A0C8-3F6AFEC43FC9@ev6.net>
Reply-to: bert@ev6.net, 1063842@bugs.debian.org
References: <[🔎] 170782999775.1212522.1173786507734228564.reportbug@provision.us-east-2.rpt.remotepentest.com>

Thanks for the info on making a persistent change, this is helpful as a workaround for now.

I had previously tried to make it start after networking or networkmanager, without success. It seems it doesn’t wait for DAD.

It would be better if SSHD didn’t give up in scenarios like this, and kept retrying to start. For hosts without physical access, a lack of SSHD can be a big problem. 

Firewall rules are not always desirable, as enabling the firewall (and especially conntrack) can incur a significant performance hit, or introduce other problems. Systems acting as routers, or being used for network scanning for example.

There are also other reasons to bind to specific addresses, for instance if you want to run something else on the same port but a different address.

In any case binding to a specific address is a documented feature of OpenSSH, so it should be usable.

Reply to:

References:
- Bug#1063842: openssh-server: Binding to a static IPv6 address causes sshd to fail at bootup
  - From: Bert <bert@rptbgd.firenzee.com>

Prev by Date: Bug#1064347: openssh-server: sshd crashes under heavy traffic
Next by Date: Bug#1059393: openssh: CVE-2023-51767
Previous by thread: Bug#1063842: openssh-server: Binding to a static IPv6 address causes sshd to fail at bootup
Next by thread: Bug#1064347: openssh-server: sshd crashes under heavy traffic
Index(es):
- Date
- Thread