Bug 2036451 - error: Bind to port 22 on 172.16.0.1 failed: Cannot assign requested address
Summary: error: Bind to port 22 on 172.16.0.1 failed: Cannot assign requested address
Keywords:
Status: CLOSED DUPLICATE of bug 1936538
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 35
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Dmitry Belyavskiy
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-01-01 21:18 UTC by Egbert S.
Modified: 2022-01-03 18:48 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-01-03 18:48:32 UTC
Type: Bug
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-359 0 None None None 2022-01-01 21:25:01 UTC

Description Egbert S. 2022-01-01 21:18:10 UTC
Description of problem:

OpenSSH daemon is struggling to define a network socket to each interface (but not all) with different port numbers.

Turned off 'SELinux', same problem persists.



Version-Release number of selected component (if applicable):

- OpenSSH v8.7p1
  - OpenSSL 1.1.11
  - FIPS 24 Aug 2021


How reproducible:

- 100% reproducible in Fedora 35 under SELinux.  All 4 sockets failed.

- Partially reproducible under disabled SELinux: two sockets failed.

- Works normally in Debian 8 and Debian 9: All 4 sockets successfully opened.



Steps to Reproduce:

1.  Edit `/etc/ssh/sshd_config`
2.  Add/replace 'Port'  with `Port 922`
3.  Add/replace `ListenAddress` with the following

```
Port 922
ListenAddress 127.0.0.1:922  # this one gets port 922
ListenAddress 172.28.130.3   # this one gets port 922
ListenAddress 10.10.0.1:22   # port 22
ListenAddress 172.16.0.1:22  # port 22
```

4. Add '922' to `ssh_port_t`

```
  semanage port --add -t ssh_port_t -r 's0' -p tcp 922
```

5. Restart `sshd.service` unit file 



Actual results:

In `/var/log/messages`, the following error message occurred:

```
Jan  1 15:35:31 helium sshd[686]: error: Bind to port 22 on 172.16.0.1 failed: Cannot assign requested address.
Jan  1 15:35:31 helium sshd[686]: error: Bind to port 22 on 10.10.0.1 failed: Cannot assign requested address.

```


Expected results:

To be able to execute `lsof -i -n` for SSH and get the following output:

```
sshd     929   root    3u  IPv4  24195      0t0  TCP 172.28.130.3:922 (LISTEN)
sshd     929   root    4u  IPv4  24197      0t0  TCP 172.16.0.1:ssh (LISTEN)
sshd     929   root    5u  IPv4  24199      0t0  TCP 10.10.0.1:ssh (LISTEN)
sshd     929   root    6u  IPv4  24201      0t0  TCP 127.0.0.1:922 (LISTEN)
```


Additional info:

Had to BOOT to get into this strange SSH multi-socket state.  Repeated systemd restart of `sshd.service` often restores the problem.   Quite an urgent situation when the box is remote.

Disabling SELinux opens HALF of those ports, at 922/tcp, at boot-up time.

Something is blocking port 22 during bootup, because port 922/tcp socket got created at bootup and sshd daemon opened only those 922 ones.  A simple `systemctl restart sshd.service` allows 4 ports to open.
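
A check that compares the `ListenAddress`/`Port` lines from the description with sshd's bind errors, so a monitoring job can flag listeners that did not come up after boot. This is an added example, not part of the original report or of OpenSSH; the function names are hypothetical, the sample inputs are copied from the description, and only IPv4 `host[:port]` addresses are handled.

```python
import re

# Sample inputs copied from the report above (sshd_config excerpt and /var/log/messages lines).
SSHD_CONFIG = """\
Port 922
ListenAddress 127.0.0.1:922  # this one gets port 922
ListenAddress 172.28.130.3   # this one gets port 922
ListenAddress 10.10.0.1:22   # port 22
ListenAddress 172.16.0.1:22  # port 22
"""
LOG = """\
Jan  1 15:35:31 helium sshd[686]: error: Bind to port 22 on 172.16.0.1 failed: Cannot assign requested address.
Jan  1 15:35:31 helium sshd[686]: error: Bind to port 22 on 10.10.0.1 failed: Cannot assign requested address.
"""

BIND_FAIL = re.compile(r"sshd\[\d+\]: error: Bind to port (\d+) on (\S+) failed: (.+?)\.?$")

def expected_listeners(config):
    """(address, port) pairs sshd should bind. Assumption: IPv4 host[:port] values only."""
    ports, addrs = [], []
    for raw in config.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, as written in the report
        if len(fields) < 2:
            continue
        if fields[0].lower() == "port":
            ports.append(int(fields[1]))
        elif fields[0].lower() == "listenaddress":
            addrs.append(fields[1])
    listeners = set()
    for addr in addrs:
        host, sep, port = addr.partition(":")
        # A ListenAddress without a port listens on every Port value (22 if none is set).
        for p in ([int(port)] if sep else (ports or [22])):
            listeners.add((host, p))
    return listeners

def failed_binds(log):
    """Map (address, port) -> reason for each sshd bind error in the log text."""
    failed = {}
    for line in log.splitlines():
        m = BIND_FAIL.search(line)
        if m:
            failed[(m.group(2), int(m.group(1)))] = m.group(3)
    return failed

def missing_listeners(config, log):
    """Configured listeners that sshd reported it could not bind, sorted."""
    failed = failed_binds(log)
    return sorted(l for l in expected_listeners(config) if l in failed)

if __name__ == "__main__":
    for host, port in missing_listeners(SSHD_CONFIG, LOG):
        print(f"sshd is not listening on {host}:{port}: {failed_binds(LOG)[(host, port)]}")
```
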

Comment 1 Egbert S. 2022-01-01 21:26:31 UTC
I often debug OpenSSH for in-house code reviews and put my hardening findings into https://github.com/egberts/easy-admin/490-net-ssh

But this variant of OpenSSH is my first time that I can no longer conduct a decent GDB session on sshd binary given the additional (but strange) constraints being put on by the removal of PAM, the additional `systemd` settings (no strace allowed), and this socket issue.

I'm open to suggestions on how to continue debugging this OpenSSH daemon.

Comment 2 Dmitry Belyavskiy 2022-01-03 10:54:32 UTC
Isn't it a duplicate of bz#1936538?

Comment 3 Egbert S. 2022-01-03 18:48:32 UTC
Now that I have reviewed this 'duplicate'; this BZ is a duplicate of bz#1936538.

*** This bug has been marked as a duplicate of bug 1936538 ***

