Re: [OCLUG-Tech] sshd config problem(?)

["ed stuckems" <edstuckems [ at ] hotmail [ dot ] com>]

> From: Ross Jordan <rjordan [ at ] numb [ dot ] ca>
> To: ed stuckems <edstuckems [ at ] hotmail [ dot ] com>
> CC: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> Subject: Re: [OCLUG-Tech] sshd config problem(?)
> Date: Fri, 9 Jun 2006 10:56:47 -0700
>
> On Fri, Jun 09, 2006 at 05:51:20PM +0000, ed stuckems wrote:
> > While looking through my logs the other day, I came across the following 
> in
> > my logs ...
> >
> > sshd[2115]: Server listening on :: port 22.
> > sshd[2115]: error: Bind to port 22 on 0.0.0.0 failed: Address already in
> > use.
> >
> > I have three questions:
> >
> > (1) should this concern me?  My gut says yes but I don't know why.
>
> Maybe ssh was "restarted" without being properly shut down.

Good question!   I'll see if I can determine this.  BTW, the error seems to 
coincide with the system restarting.  I'll edit the startup script to do a 
netstat before the sshd command is actually executed.

> > (2) why is ssh looking to bind to a port on 0.0.0.0 (why isn't is simply
> > looking to bind the port on the legal addresses for the machine, ie 
> those
> > that I see when I do ifconfig -a?)
>
> The 0.0.0.0 is often used to mean "bind to all IP addresses I have"
> Most machines have at least 2 IPs, an external one and the loopback.
> Instead of specifying all IPs, it is often convenient to use the
> wildchar IP. You can change this in the sshd config.
>
> > (3) how do I find what app/server/etc has already done the bind of port 
> 22
> > to 0.0.0.0?
>
> 'netstat -anlp' or 'lsof -i | grep LISTENING'

The commands don't really provide any useful info!  It appears that udp and 
tcp won't list the command line used to start the server.  Here are two 
examples (I assume the second line is an ipv6 address!)

tcp        0      0 0.0.0.0:6000                0.0.0.0:*                   
LISTEN      -
tcp        0      0 :::22                       :::*                        
LISTEN      -

The lsof command yields no results either.

So from my very limited understanding of what happening, my working theory 
is that the ipv6 address binds to port 22 first and when the attempt to bind 
port 22 to the ipv4 address comes along, the system generates an error 
because the port is in use.  Is the working theory in any way probable?

> -Ross

_________________________________________________________________
Search your PC with MSN Desktop Search  http://desktop.sympatico.msn.ca/