Bug 3272

Summary: sshd systemd service unit launch sshd too early at bootup
Product: Portable OpenSSH Reporter: Olivier Langlois <olivier>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID    
Severity: normal CC: dtucker
Priority: P5    
Version: 8.5p1   
Hardware: amd64   
OS: Linux   

Description Olivier Langlois 2021-03-06 09:59:24 AEDT 
The result being the following:
Mar 04 11:26:05 tau sshd[442]: error: Bind to port 2243 on 10.230.131.4 failed: Cannot assign requested address.
Mar 04 11:26:05 tau systemd[1]: sshd.service: Main process exited, code=exited, status=255/EXCEPTION
Mar 04 11:26:05 tau sshd[442]: fatal: Cannot bind any address.
Mar 04 11:26:05 tau systemd[1]: sshd.service: Failed with result 'exit-code'.

It attempts to bind to an ip address before it is actually configured and available.

There is an easy fix for that. It is to use the systemd target network-online.target instead of the target network.target.

Details are provided here:
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

I did fix your service unit file very easily by changing it to:

[Unit]
Description=OpenSSH Daemon
Wants=sshdgenkeys.service network-online.target
After=sshdgenkeys.service network-online.target

[Service]
ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target
Comment 1 Olivier Langlois 2021-03-06 10:13:52 AEDT 
As a side note, I believe that I have stumbled into that bug because I specify a specific ip address of my multi-homed server in sshd_config at the field ListenAddress.

as denoted at the bottom of https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

servers using the address 0.0.0.0 are unaffected.

Perhaps that an elegant solution to not affect the boot time of systems that don't have this issue could be to bundle 2 service units with openssh.

1. The current one that wants network.target
2. A new unit that wants network-online.target for the sshd instances that listen to specific addresses only available when the network is online.
Comment 2 Olivier Langlois 2021-03-06 10:30:49 AEDT 
Here is one last idea. Considering how vital sshd is to admin a headless system, I think that it could be a good idea to never giveup attempting to restart it... This could be done with this:

[Service]
ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
StartLimitIntervalSec=0
RestartSec=20s
Comment 3 Darren Tucker 2021-03-06 11:58:46 AEDT 
The OpenSSH team does not supply a systemd unit file so there's nothing we can do about this.  You will need to report this to your OS vendor.
Comment 4 Olivier Langlois 2021-03-06 14:17:00 AEDT 
sorry about that.

I'll report to the appropriate recipient.

thank you nonetheless for the fast reply.
Comment 5 Darren Tucker 2021-03-06 16:15:16 AEDT 
Good luck!  Feel free to add a link here to the vendor report in case anyone else is having a similar issue and finds this bug.
Comment 6 Damien Miller 2021-04-23 15:01:32 AEST 
closing resolved bugs as of 8.6p1 release