1. What is the nature and description of the request?
sshd does not use the IP_FREEBIND socket option, which allows an application to bind to an IP address that is not (yet) configured on any interface.

2. Why would you need this? (List the business requirements here)
To avoid startup failure and errors in the logs during openssh daemon startup when listening on a specific address.

3. How would you like to achieve this? (List the functional requirements here)
Implementing IP_FREEBIND and allowing sshd to bind and listen on an IP, even if NetworkManager has not yet finished setting up the network.

4. For each functional requirement listed, specify how you can test to confirm the requirement is successfully implemented.
Have networks configured via dhcpd and delay the configuration of the NICs.

5. Do you have any specific timeline dependencies?
asap

6. Would you be able to assist in testing this functionality if implemented?
Sure
*** Bug 2001221 has been marked as a duplicate of this bug. ***
*** Bug 1096081 has been marked as a duplicate of this bug. ***
Dmitry, based on https://marc.info/?l=openssh-unix-dev&m=162745909408274&w=2, what are we going to do with this request?
Some real world use-case examples: Port 22 open on the internal netdev interfaces and Port 2222 on the external netdev interfaces. Many router-based Redhat will be impacted by this inability to set multiple SSH port numbers.

Example `sshd_config`

```
Port 2222
ListenAddress 172.28.140.1:22
ListenAddress 172.28.200.1:22
ListenAddress 0.0.0.0
```

Running CentOS 8.4, OpenSSH v8.0.
*** Bug 2036451 has been marked as a duplicate of this bug. ***
I found a workaround to this issue from a comment in another duplicate BZ#2001221:

Adding 'After=network-online.target' as a dependency under the sshd.service unit file helps to start sshd without fail.

But any future updates of openssh-server will override these changes. Need a permanent solution.
(In reply to Egbert S. from comment #21)
> I found a workaround to this issue from a comment in another duplicate
> BZ#2001221:
>
> Adding 'After=network-online.target' as a dependency under the sshd.service
> unit file helps to start sshd without fail.
>
> But any future updates of openssh-server will override these changes. Need a
> permanent solution.

You should not modify the service file under /usr/lib, but create a service file in /etc/systemd/system/sshd.service with this content (or use the drop-in directory /etc/systemd/system/sshd.service.d/) to provide local modifications. And reload systemd to apply the changes.
We can do this workaround by executing:

```
systemctl edit sshd.service
```

and inserting the following:

```
[Unit]
After=network-online.target
```

which will put our tiny fixes in and hopefully survive through any clobbering by its future package upgrade.
I tend to close this bug as WONTFIX. There is a feasible workaround and a proper fix will require a bit more effort than we can apply.
*** Bug 2079827 has been marked as a duplicate of this bug. ***
*** Bug 2131524 has been marked as a duplicate of this bug. ***