Bug 3272 - sshd systemd service unit launch sshd too early at bootup
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 8.5p1
Hardware: amd64 Linux
Importance: P5 normal
Assignee: Assigned to nobody
Reported: 2021-03-06 09:59 AEDT by Olivier Langlois
Modified: 2021-04-23 15:01 AEST
Description Olivier Langlois 2021-03-06 09:59:24 AEDT
The result being the following:
Mar 04 11:26:05 tau sshd[442]: error: Bind to port 2243 on 10.230.131.4 failed: Cannot assign requested address.
Mar 04 11:26:05 tau systemd[1]: sshd.service: Main process exited, code=exited, status=255/EXCEPTION
Mar 04 11:26:05 tau sshd[442]: fatal: Cannot bind any address.
Mar 04 11:26:05 tau systemd[1]: sshd.service: Failed with result 'exit-code'.

It attempts to bind to an IP address before it is actually configured and available.

There is an easy fix for that. It is to use the systemd target network-online.target instead of the target network.target.

Details are provided here:
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

I did fix your service unit file very easily by changing it to:

[Unit]
Description=OpenSSH Daemon
Wants=sshdgenkeys.service network-online.target
After=sshdgenkeys.service network-online.target

[Service]
ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target
Comment 1 Olivier Langlois 2021-03-06 10:13:52 AEDT
As a side note, I believe that I have stumbled into that bug because I specify a specific IP address of my multi-homed server in sshd_config in the ListenAddress field.

As denoted at the bottom of https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/, servers using the address 0.0.0.0 are unaffected.

Perhaps an elegant solution to not affect the boot time of systems that don't have this issue could be to bundle 2 service units with openssh.

1. The current one that wants network.target
2. A new unit that wants network-online.target for the sshd instances that listen to specific addresses only available when the network is online.
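
A check for the condition described in the report and Comment 1, as an added example that is not part of the original thread: it flags an sshd_config with a specific ListenAddress whose unit is not ordered after network-online.target. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug thread. Flags the boot-time race: sshd bound
# to a specific address while its unit is not ordered after network-online.target.

# Print each non-wildcard ListenAddress found in the sshd_config at $1.
specific_listen_addrs() {
    awk 'tolower($1) == "listenaddress" {
        a = $2
        if (a ~ /^\[/) {                 # [addr]:port form
            sub(/^\[/, "", a); sub(/\](:[0-9]+)?$/, "", a)
        } else if (a !~ /:.*:/) {        # host:port or IPv4:port, not bare IPv6
            sub(/:[0-9]+$/, "", a)
        }
        if (a != "0.0.0.0" && a != "::") print a
    }' "$1"
}

# Succeed if the unit text at $1 has an After= line naming network-online.target.
orders_after_network_online() {
    awk -F= '$1 == "After" && $2 ~ /(^| )network-online\.target( |$)/ { ok = 1 }
             END { exit !ok }' "$1"
}

# $1 = sshd_config, $2 = unit text (e.g. saved from `systemctl cat sshd.service`).
# Prints a verdict; returns 1 when the configuration can hit the bind failure.
check_sshd_start_order() {
    addrs=$(specific_listen_addrs "$1" | tr '\n' ' ')
    if [ -z "$addrs" ]; then
        echo "ok: wildcard listen only, network.target ordering is enough"
        return 0
    fi
    if orders_after_network_online "$2"; then
        echo "ok: ${addrs}is bound after network-online.target"
        return 0
    fi
    echo "race: ${addrs}may not exist yet when sshd starts"
    return 1
}

# Constructed sample input modelled on the report (address taken from the log lines).
demo=$(mktemp -d)
printf 'Port 2243\nListenAddress 10.230.131.4\n' > "$demo/sshd_config"
printf '[Unit]\nAfter=sshdgenkeys.service network.target\n' > "$demo/before.unit"
printf '[Unit]\nAfter=sshdgenkeys.service network-online.target\n' > "$demo/after.unit"
check_sshd_start_order "$demo/sshd_config" "$demo/before.unit" || true
check_sshd_start_order "$demo/sshd_config" "$demo/after.unit"
rm -rf "$demo"
```
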
Comment 2 Olivier Langlois 2021-03-06 10:30:49 AEDT
Here is one last idea. Considering how vital sshd is to admin a headless system, I think that it could be a good idea to never give up attempting to restart it... This could be done with this:

[Unit]
# StartLimitIntervalSec= is a [Unit] setting; systemd ignores it under [Service]
StartLimitIntervalSec=0

[Service]
ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
RestartSec=20s
Comment 3 Darren Tucker 2021-03-06 11:58:46 AEDT
The OpenSSH team does not supply a systemd unit file so there's nothing we can do about this.  You will need to report this to your OS vendor.
Comment 4 Olivier Langlois 2021-03-06 14:17:00 AEDT
Sorry about that.

I'll report to the appropriate recipient.

Thank you nonetheless for the fast reply.
Comment 5 Darren Tucker 2021-03-06 16:15:16 AEDT
Good luck!  Feel free to add a link here to the vendor report in case anyone else is having a similar issue and finds this bug.
Comment 6 Damien Miller 2021-04-23 15:01:32 AEST
closing resolved bugs as of 8.6p1 release