bugzilla-daemon at bugzilla.mindrot.org
2012-May-14 07:19 UTC
[Bug 2008] New: IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
Bug #: 2008
Summary: IPV6 Bind to port 22 failed
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: kchen001 at alcatel-lucent.com
After upgrading to openssh 5.9p1, we cannot ssh to this node from others,
and find that port 22 didn't bind the IPv6 interface; after restarting sshd it
works well.
We found this issue is resolved in the official Red Hat version 4.3p2, and in
comment #18, it reused the source code of OpenSSH.
https://bugzilla.redhat.com/show_bug.cgi?id=640857
Here's the secure log:
grep error secure*
secure:May 7 15:07:25 wc3il01pdanic1v1 sshd[27451]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
It's our ssh version:
]# rpm -qa|grep openssh
openssh-5.9p1-1
openssh-clients-5.9p1-1
openssh-server-5.9p1-1
In /var/log/secure we found the following statement:
May 7 18:02:00 wc3il01pddnic2v1 sshd[6124]: Received signal 15; terminating.
May 7 18:02:00 wc3il01pddnic2v1 sshd[3919]: error: Bind to port 22 on :: failed: Address already in use.
May 7 18:02:01 wc3il01pddnic2v1 sshd[3919]: Server listening on 0.0.0.0 port 22.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-May-14 08:37 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
Severity|critical |trivial
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2012-05-14
18:37:50 EST ---
What do you get when you run sshd from openssh-5.9p1 in debug mode (ie
"/path/to/your/sshd -ddd -p 2022")? You won't even need to connect to
it.
On fedora, I get:
debug2: load_server_config: filename /usr/local/etc/sshd_config
debug2: load_server_config: done config len = 435
debug2: parse_server_config: config /usr/local/etc/sshd_config len 435
debug3: /usr/local/etc/sshd_config:13 setting Port 22
debug3: /usr/local/etc/sshd_config:58 setting
ChallengeResponseAuthentication yes
debug3: /usr/local/etc/sshd_config:60 setting Ciphers
aes128-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
debug3: cipher ok: aes128-ctr
[aes128-ctr,aes256-ctr,arcfour256,arcfour128,arcfour]
debug3: cipher ok: aes256-ctr
[aes128-ctr,aes256-ctr,arcfour256,arcfour128,arcfour]
debug3: cipher ok: arcfour256
[aes128-ctr,aes256-ctr,arcfour256,arcfour128,arcfour]
debug3: cipher ok: arcfour128
[aes128-ctr,aes256-ctr,arcfour256,arcfour128,arcfour]
debug3: cipher ok: arcfour
[aes128-ctr,aes256-ctr,arcfour256,arcfour128,arcfour]
debug3: ciphers ok:
[aes128-ctr,aes256-ctr,arcfour256,arcfour128,arcfour]
debug3: /usr/local/etc/sshd_config:76 setting AllowTcpForwarding yes
debug3: /usr/local/etc/sshd_config:77 setting GatewayPorts
clientspecified
debug3: /usr/local/etc/sshd_config:78 setting X11Forwarding yes
debug3: /usr/local/etc/sshd_config:79 setting XAuthLocation
/usr/bin/xauth
debug3: /usr/local/etc/sshd_config:81 setting X11UseLocalhost yes
debug3: /usr/local/etc/sshd_config:82 setting PrintMotd no
debug3: /usr/local/etc/sshd_config:89 setting ClientAliveInterval 300
debug3: /usr/local/etc/sshd_config:90 setting ClientAliveCountMax 3
debug3: /usr/local/etc/sshd_config:100 setting Subsystem sftp
/usr/local/libexec/sftp-server -f LOCAL7 -l INFO
debug1: sshd version OpenSSH_5.9p1
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1:
rexec_argv[0]='/home/dtucker/openssh/portable/openssh-5.9p1/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2022'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2022 on 0.0.0.0.
Server listening on 0.0.0.0 port 2022.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2022 on ::.
Server listening on :: port 2022.
which indicates it's working as expected here.
Are you sure you don't still have the old sshd or something else
listening on port 22? Immediately before starting the sshd, do you get
any "LISTEN" states from "lsof -i :22"?
bugzilla-daemon at bugzilla.mindrot.org
2012-May-16 08:52 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #2 from kchen001 at alcatel-lucent.com 2012-05-16 18:52:03 EST ---
Hi,
Here's what we got, while currently the node's ssh function works well,
is that log helpful? Or do I need to reproduce it?
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 808
debug2: parse_server_config: config /etc/ssh/sshd_config len 808
debug3: /etc/ssh/sshd_config:14 setting Protocol 2
debug3: /etc/ssh/sshd_config:32 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:33 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:38 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:39 setting StrictModes yes
debug3: /etc/ssh/sshd_config:40 setting MaxAuthTries 6
debug3: /etc/ssh/sshd_config:43 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:47 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:49 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:54 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:58 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:59 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:63 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:73 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:75 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:86 setting UsePAM yes
debug3: /etc/ssh/sshd_config:89 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:90 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:91 setting AcceptEnv LC_IDENTIFICATION LC_ALL
debug3: /etc/ssh/sshd_config:93 setting GatewayPorts no
debug3: /etc/ssh/sshd_config:94 setting X11Forwarding no
debug3: /etc/ssh/sshd_config:97 setting PrintMotd yes
debug3: /etc/ssh/sshd_config:98 setting PrintLastLog no
debug3: /etc/ssh/sshd_config:104 setting ClientAliveInterval 900
debug3: /etc/ssh/sshd_config:105 setting ClientAliveCountMax 0
debug3: /etc/ssh/sshd_config:114 setting Banner /etc/ssh/sshd_banner_pcm
debug3: /etc/ssh/sshd_config:117 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_5.9p1
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2022'
debug3: oom_adjust_setup
Set /proc/self/oom_adj from 0 to -17
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 2022 on ::.
Server listening on :: port 2022.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 2022 on 0.0.0.0.
Server listening on 0.0.0.0 port 2022.
Regards,
Carol
bugzilla-daemon at bugzilla.mindrot.org
2012-May-19 05:00 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2012-05-19 15:00:47 EST ---
The log does not show any problems binding to IPv6 or IPv4, so the
problem is either a) you have something else listening on port 22 other
than the newly-built sshd, or the log messages in your syslog are not
from the newly-built sshd (possibly the original vendor-supplied one?)
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-01 00:20 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2012-06-01 10:20:25 EST ---
As I asked before: "Are you sure you don't still have the old sshd or
something else listening on port 22? immediately before starting the
sshd, do you get any "LISTEN" states from "lsof -i :22" ?"
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-04 07:55 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #5 from kchen001 at alcatel-lucent.com 2012-06-04 17:55:17 EST ---
Hi,
1. How do I know whether there are other sshd or something else
listening on port 22?
2. About the suggestion "starting the sshd, do you get any "LISTEN"
states from "lsof -i :22" ?"", would you please clarify what I should do
to check the states? If you provide detailed steps, it would be appreciated.
Regards,
Carol
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-04 08:01 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
kchen001 at alcatel-lucent.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kchen001 at alcatel-lucent.com
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-11 07:17 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #6 from kchen001 at alcatel-lucent.com 2012-06-11 17:17:36 EST ---
Hi,
Any update?
Regards,
Carol
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-11 10:50 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #7 from Darren Tucker <dtucker at zip.com.au> 2012-06-11 20:50:05 EST ---
Did you try running the lsof command I asked for earlier (twice)?
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-12 01:20 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #8 from kchen001 at alcatel-lucent.com 2012-06-12 11:20:39 EST ---
(In reply to comment #7)
> did you try running the lsof command I asked for earlier (twice)?
Sorry, I didn't quite understand your earlier request. Let me clarify it:
Shall I do it like this:
1. stop sshd
2. run 'lsof -i :22' and send you the result.
Please let me know whether this is the correct procedure you need.
Regards,
Carol
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-12 07:24 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #9 from Darren Tucker <dtucker at zip.com.au> 2012-06-12 17:24:22 EST ---
lsof is "list open files". The "-i" means "show me what's listening on
Internet sockets" (see the lsof man page for more info). In this case,
we're interested in what's listening on port 22 other than the sshd you
just installed.
So, yes, stop the sshd you just installed, then run "lsof -i :22" (you'll
probably need to run this as root). Depending on who or what is
connected to ssh on the machine you may get a bunch of output, but the
only lines we're interested in will have "LISTEN" in them and look
something like this:
$ sudo lsof -i :22
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    2044 root    3u  IPv4  21174      0t0  TCP *:ssh (LISTEN)
sshd    2044 root    4u  IPv6  21176      0t0  TCP *:ssh (LISTEN)
In this example, we have one sshd (pid 2044) listening on IPv4 and IPv6
sockets. I suspect what you'll see is one line with sshd listening even
after you stop the new sshd you just installed.
In your case, you can just run "sudo lsof -i :22 | grep LISTEN" once
you've stopped sshd and that will show you whether or not there's
something else listening on port 22, and if so what the name of the
binary is.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-12 08:12 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #10 from kchen001 at alcatel-lucent.com 2012-06-12 18:12:00 EST ---
Just found a server which had the bind error before. I stopped sshd and
then ran the lsof command; there's no LISTEN in the output, but there are
some "ESTABLISHED" lines.
Actually I cannot reproduce this issue, is it helpful? Or would it be
helpful to run lsof when it's reproduced?
Regards,
Carol
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-14 08:16 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #11 from kchen001 at alcatel-lucent.com 2012-06-14 18:16:25 EST ---
Hi,
If it's hard to analyze this issue, I will keep an eye on it and when
it's reproduced, I'll try to run the "lsof -i :22" command before
starting the sshd service.
Is there anything I can do about it?
Regards,
Carol
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-17 03:43 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
--- Comment #12 from Darren Tucker <dtucker at zip.com.au> 2012-06-17
13:43:50 EST ---
Actually, I don't think there is any issue. The debug output from your
system shows that it's happily binding correctly, which means that the
log messages you observed are either due to another process binding to
port 22, or that the log messages are in fact from the *old* version of
sshd.
If you do see this again, check that the message is really from the new
sshd and that you don't have another process listening on port 22
(using the lsof command I gave earlier).
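The two checks suggested in comments #9 and #12 (which sshd PID logged the bind failure, and which process holds a LISTEN socket on the port), as an added shell example that is not part of the bug thread. The function names are hypothetical and the sample log and lsof text are constructed, modelled on the formats shown above.

```shell
#!/bin/sh
# Added example, not from the bug thread. All sample data is constructed.

# bind_failures: syslog lines on stdin -> "pid port address" per failed bind.
bind_failures() {
    sed -n 's/.*sshd\[\([0-9][0-9]*\)]: error: Bind to port \([0-9][0-9]*\) on \(.*\) failed: Address already in use.*/\1 \2 \3/p'
}

# listeners: `lsof -i :PORT` output on stdin -> "command pid family" for
# each LISTEN socket. Header and ESTABLISHED lines are skipped, since only
# LISTEN lines are of interest for this diagnosis.
listeners() {
    awk '$NF == "(LISTEN)" { print $1, $2, $5 }'
}

# blame LOGTEXT LSOFTEXT: for each failed bind in the log, name the process
# that holds a listening socket of the same address family.
blame() {
    printf '%s\n' "$1" | bind_failures | while read -r pid port addr; do
        case $addr in
            *:*) fam=IPv6 ;;   # "::" or any literal IPv6 address
            *)   fam=IPv4 ;;   # "0.0.0.0" or any dotted quad
        esac
        holder=$(printf '%s\n' "$2" | listeners |
            awk -v f="$fam" '$3 == f { print $1 "[" $2 "]"; exit }')
        echo "sshd[$pid] port $port $fam: held by ${holder:-nobody}"
    done
}

# Constructed sample: a restarted sshd (pid 3919) fails to bind "::".
SAMPLE_LOG='May  7 18:02:00 node1 sshd[3919]: error: Bind to port 22 on :: failed: Address already in use.
May  7 18:02:01 node1 sshd[3919]: Server listening on 0.0.0.0 port 22.'

# Constructed sample: lsof output where a different process (pid 1111)
# still holds the IPv6 listener and one unrelated session is connected.
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    1111 root    4u  IPv6  21176      0t0  TCP *:ssh (LISTEN)
sshd    2222 root    3u  IPv4  30111      0t0  TCP 192.0.2.5:ssh->192.0.2.9:51234 (ESTABLISHED)'

blame "$SAMPLE_LOG" "$SAMPLE_LSOF"
```

On a live host the second argument would come from `lsof -i :22` run as root right after stopping sshd; a holder PID that differs from the PID in the log line points at a leftover listener.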
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-20 01:27 UTC
[Bug 2008] IPV6 Bind to port 22 failed
https://bugzilla.mindrot.org/show_bug.cgi?id=2008
--- Comment #13 from kchen001 at alcatel-lucent.com 2012-06-20 11:27:15 EST ---
Thanks for your help. Then I'll keep an eye on it. When it's
reproduced, I will use this command "lsof -i :22" to check whether
there's another process bound to it.
Thanks,
Carol