The Wombelix Post - failedhttps://dominik.wombacher.cc/2022-03-02T00:00:00+01:00sshd error - Bind to port failed: Cannot assign requested address2022-03-02T00:00:00+01:002022-03-02T00:00:00+01:00Dominik Wombachertag:dominik.wombacher.cc,2022-03-02:/posts/sshd_error_bind_to_port_failed_cannot_assign_requested_address.html<!-- SPDX-FileCopyrightText: 2023 Dominik Wombacher <dominik@wombacher.cc> -->
<!-- -->
<!-- SPDX-License-Identifier: CC-BY-SA-4.0 -->
<p>I faced a very weird issue today, sshd failed to start on boot because <em>ListenAddress</em> was set
but <em>network.target</em> doesn't mean IP addresses are already assigned and ready. So ... <a class="read-more" href="/posts/sshd_error_bind_to_port_failed_cannot_assign_requested_address.html"> [read more]</a></p><!-- SPDX-FileCopyrightText: 2023 Dominik Wombacher <dominik@wombacher.cc> -->
<!-- -->
<!-- SPDX-License-Identifier: CC-BY-SA-4.0 -->
<p>I faced a very weird issue today, sshd failed to start on boot because <em>ListenAddress</em> was set
but <em>network.target</em> doesn't mean IP addresses are already assigned and ready. So the configured
IP isn't available, therefore sshd can't bind a Port and failed with <em>fatal: Cannot bind any address</em>.</p>
<p>I thought this can be fixed by adjusting the sshd systemd unit, everything I found online also pointed
into that direction, for example a <a class="reference external" href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982950">Debian</a>
(Archive: <a class="reference external" href="https://web.archive.org/web/20220302224510/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982950">[1]</a>,
<a class="reference external" href="https://archive.today/2022.03.02-224450/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982950">[2]</a>)
and <a class="reference external" href="https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/216847/">Ubuntu</a>
(Archive: <a class="reference external" href="https://web.archive.org/web/20210901133033/https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/216847/">[1]</a>,
<a class="reference external" href="https://archive.today/2022.03.02-224617/https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/216847/">[2]</a>) Bug report.</p>
<pre class="code text literal-block">
/etc/systemd/system/ssh.service.d/override.conf
[Unit]
After=network-online.target auditd.service
</pre>
<p>The above systemd override seem to be one of the popular solutions which works for a lot of people.
Unfortunately none of the various After/Wants combinations worked in my case on Debian 11.</p>
<p>I had to go with the workaround to allow system wide port binding to not (yet) assigned IP addresses
by adjusting two sysctl values as described on <a class="reference external" href="https://serverfault.com/a/941426">serverfault</a>
(Archive: <a class="reference external" href="https://web.archive.org/web/20220302224659/https://serverfault.com/questions/941421/servers-fail-to-bind-to-addresses-at-boot/941426">[1]</a>,
<a class="reference external" href="https://archive.today/2022.03.02-224737/https://serverfault.com/questions/941421/servers-fail-to-bind-to-addresses-at-boot/941426%23941426">[2]</a>).</p>
<pre class="code text literal-block">
net.ipv4.ip_nonlocal_bind=1
net.ipv6.ip_nonlocal_bind=1
</pre>
<p>Probably not the most elegant solution but it's working and due to the fact that multiple IP addresses are
assigned to the Server, I have to specify on which the SSH Daemon is listening and can't just let em bind to all.</p>