Description of problem:
The default sshd_config does not specify a specific interface to listen on. When it attempts to bind port 22, it does so on ipv6 then ipv4. The second attempt targeting ipv4 proceeds to throw an error due to a failed attempt to bind the port.

Version-Release number of selected component (if applicable):
openssh-4.3p2-41.el5

How reproducible:
Constantly.

Steps to Reproduce:
1. Install RHEL server
2. Restart sshd
3. tail /var/log/secure

Actual results:
Oct 6 22:18:12 infra3 sshd[1732]: Received signal 15; terminating.
Oct 6 22:18:13 infra3 sshd[3537]: Server listening on :: port 22.
Oct 6 22:18:13 infra3 sshd[3537]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.

Expected results:
Oct 6 22:18:12 infra3 sshd[1732]: Received signal 15; terminating.
Oct 6 22:18:13 infra3 sshd[3537]: Server listening on :: port 22.

Additional info:
I realize that this is not a big deal, it's a benign error. But it's an unnecessary error, and something admins in our organization have noticed and set their sshd_config's Listen value to prevent.
Can you contact Red Hat support please?
RH Ticket 918088 created
Please include your sshd_config and network configuration to be able to reproduce the problem. Indicate the specific settings that can affect the behavior of sshd.
I can confirm that the error occurs after restarting the service. I can also confirm that the port is bound only on IPv6. But trying to connect to the host via IPv4, I've found no error. This seems to be caused by unexpected IPv4/IPv6 behavior in rhel5.
Reassigning to the kernel because it is due to the kernel behavior.
From man 7 ipv6:
----
IPv4 and IPv6 share the local port space. When you get an IPv4 connection or packet to a IPv6 socket, its source address will be mapped to v6 and it will be mapped to v6.
----
Obviously, there cannot be two sockets bound to the same port on the same address (or on INADDR_ANY/in6addr_any). The kernel is behaving as expected here. ssh should bind only to ipv6 when both ipv4 and ipv6 variants are returned by getaddrinfo with AF_UNSPEC. Reassigning back.
Actually, a better solution is to set the IPV6_V6ONLY option on the IPv6 socket. The reason for the reported behavior is IPv4-mapped IPv6 addresses. The Linux AF_INET6 socket interface by default supports IPv4-compatible mode (RFC 3493 section 3.7). Thus, the IPv6 socket also receives all IPv4 traffic. Specifying the socket as IPV6_V6ONLY (RFC 3493 section 5.3) turns off the behavior, allowing the application to listen on both IPv4 and IPv6 sockets.
Created attachment 527240: sshd patch to set IPV6_V6ONLY (untested)
Created attachment 536373: use IPV6_V6ONLY for inet6 socket

This patch will be used in update. It is adapted from openssh-5.9p1 and it's similar to #c14

Before:
Nov 25 17:33:23 rhel-5-openssh sshd[2488]: Server listening on :: port 22.
Nov 25 17:33:23 rhel-5-openssh sshd[2488]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.

After:
Nov 25 17:34:08 rhel-5-openssh sshd[2538]: Server listening on :: port 22.
Nov 25 17:34:08 rhel-5-openssh sshd[2538]: Server listening on 0.0.0.0 port 22.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0237.html