FS#69894 - [openssh] Failed to listen on specified address at boot due to service unit target

Attached to Project: Arch Linux
Opened by Olivier Langlois (lano1106) - Saturday, 06 March 2021, 04:05 GMT
Last edited by Giancarlo Razzolini (grazzolini) - Sunday, 07 March 2021, 01:32 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Levente Polyak (anthraxx)
Giancarlo Razzolini (grazzolini)
Architecture x86_64
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

The result being the following:
Mar 04 11:26:05 tau sshd[442]: error: Bind to port 2243 on 10.230.131.4 failed: Cannot assign requested address.
Mar 04 11:26:05 tau systemd[1]: sshd.service: Main process exited, code=exited, status=255/EXCEPTION
Mar 04 11:26:05 tau sshd[442]: fatal: Cannot bind any address.
Mar 04 11:26:05 tau systemd[1]: sshd.service: Failed with result 'exit-code'.

It attempts to bind to an IP address before it is actually configured and available.

There is an easy fix for that. It is to use the systemd target network-online.target instead of the target network.target.

Details are provided here:
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

I did fix your service unit file very easily by changing it to:

[Unit]
Description=OpenSSH Daemon
Wants=sshdgenkeys.service network-online.target
After=sshdgenkeys.service network-online.target

[Service]
ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target

As a side note, I believe that I have stumbled into that bug because I specify a specific IP address of my multi-homed server in sshd_config at the field ListenAddress.

As denoted at the bottom of https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/, servers using the address 0.0.0.0 are unaffected.

Perhaps an elegant solution to not affect the boot time of systems that don't have this issue could be to bundle 2 service units with openssh.

1. The current one that wants network.target
2. A new unit that wants network-online.target for the sshd instances that listen to specific addresses only available when the network is online.

Here is one last idea. Considering how vital sshd is to admin a remote system, I think that it could be a good idea to never give up attempting to restart it...
This could be done with this:

[Unit]
# StartLimitIntervalSec= is read from [Unit], not [Service]
StartLimitIntervalSec=0

[Service]
ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
RestartSec=20s

Additional info:
openssh 8.5p1

Steps to reproduce:

I have an 802.3ad bonding virtual device with a 2-link aggregation. This seems to be a complex enough setup so that if you try to listen on this virtual device's statically assigned IP that isn't 0.0.0.0, you will get the problem.

Closed by  Giancarlo Razzolini (grazzolini)
Sunday, 07 March 2021, 01:32 GMT
Reason for closing:  Won't implement
Comment by Giancarlo Razzolini (grazzolini) - Sunday, 07 March 2021, 01:32 GMT
Every now and then a network server on Arch gets a bug report asking us to use network-online.target. Main problem with this is that this target relies on a network manager to tell it's "up". It's an active target. Systemd's own documentation says this: "It is strongly recommended not to pull in this target too liberally: for example network server software should generally not pull this in (since server software generally is happy to accept local connections even before any routable network interface is up), its primary purpose is network client software that cannot operate without network."

Given how crucial openssh is to a lot of people, I won't enforce upon them the usage of network management software. You can always systemctl edit openssh.service and add your override.
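
One way to apply the override suggested in the comment above only where it is needed, as an added example that is not code from the bug report or the Arch package: it scans an sshd_config for ListenAddress values other than the wildcard and prints a drop-in for sshd.service (the unit name in the log lines). The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the bug report or the Arch openssh package.

# Print every ListenAddress value in the sshd_config at $1 that names a
# specific address. Wildcards (0.0.0.0, ::, with or without a port) are
# skipped: the report notes that servers using 0.0.0.0 are unaffected.
specific_listen_addresses() {
    awk 'tolower($1) == "listenaddress" {
        a = $2
        if (a !~ /^(0\.0\.0\.0|::|\[::\])(:[0-9]+)?$/) print a
    }' "$1"
}

# Succeeds when the config pins sshd to at least one specific address.
needs_network_online() {
    [ -n "$(specific_listen_addresses "$1")" ]
}

# Drop-in body to paste into "systemctl edit sshd.service". It only delays
# sshd if a wait-online service (for example
# systemd-networkd-wait-online.service) is enabled on the host.
print_dropin() {
    printf '%s\n' '[Unit]' 'Wants=network-online.target' 'After=network-online.target'
}

# Constructed sample configs; the address and port mirror the log lines above.
pinned=$(mktemp); wildcard=$(mktemp)
printf '%s\n' 'Port 2243' '#ListenAddress 0.0.0.0' 'ListenAddress 10.230.131.4' > "$pinned"
printf '%s\n' 'Port 22' 'listenaddress 0.0.0.0' 'ListenAddress [::]:22' > "$wildcard"

for f in "$pinned" "$wildcard"; do
    if needs_network_online "$f"; then
        echo "specific address(es): $(specific_listen_addresses "$f")"
        print_dropin
    else
        echo "wildcard only: default network.target ordering is enough"
    fi
done
rm -f "$pinned" "$wildcard"
```

With the default editor flow, systemctl edit stores the pasted drop-in as /etc/systemd/system/sshd.service.d/override.conf, so the packaged unit file stays untouched across upgrades.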
